Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2016-4975
Vulnerability from cvelistv5
Published
2018-08-14 13:00
Modified
2024-09-16 19:47
Severity ?
EPSS score ?
Summary
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Version: Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23) Version: Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:40.035Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20180926-0006/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", }, { name: "105093", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105093", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache HTTP Server", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23)", }, { status: "affected", version: "Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)", }, ], }, ], credits: [ { lang: "en", value: "The issue was discovered by Sergey Bobrov", }, ], datePublic: "2018-08-14T00:00:00", descriptions: [ { lang: "en", value: "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://httpd.apache.org/security/impact_levels.html#moderate", value: "moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "(undefined)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-06T10:11:01", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20180926-0006/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", }, { name: "105093", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105093", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, ], title: "mod_userdir CRLF injection", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", DATE_PUBLIC: "2018-08-14", ID: "CVE-2016-4975", STATE: "PUBLIC", TITLE: "mod_userdir CRLF injection", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache HTTP Server", version: { version_data: [ { version_value: "Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23)", }, { version_value: "Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "The issue was discovered by Sergey Bobrov", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).", }, ], }, impact: [ { lang: "eng", url: "https://httpd.apache.org/security/impact_levels.html#moderate", value: "moderate", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "(undefined)", }, ], }, ], }, references: { reference_data: [ { name: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", refsource: "CONFIRM", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { name: "https://security.netapp.com/advisory/ntap-20180926-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180926-0006/", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", }, { name: "105093", refsource: "BID", url: "http://www.securityfocus.com/bid/105093", }, { name: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", refsource: "CONFIRM", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2016-4975", datePublished: "2018-08-14T13:00:00Z", dateReserved: "2016-05-24T00:00:00", dateUpdated: "2024-09-16T19:47:03.346Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2016-4975\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-08-14T12:29:00.220\",\"lastModified\":\"2024-11-21T02:53:20.620\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \\\"Location\\\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).\"},{\"lang\":\"es\",\"value\":\"Posible inyección CRLF que permite ataques de separación de respuesta HTTP para los sitios que emplean mod_userdir. Este problema fue mitigado gracias a los cambios realizados en las versiones 2.4.25 y 2.2.32, que prohíben la inyección CR o LF en \\\"Location\\\" o en otro tipo de clave o valor de cabecera saliente. Esto se ha solucionado en Apache HTTP Server 2.4.25 (2.4.1-2.4.23 afectadas). Esto se ha solucionado en Apache HTTP Server 2.2.32 (2.2.0-2.2.31 afectadas).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-93\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67AD11FB-529C-404E-A13B-284F145322B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCBBB7FE-35FC-4515-8393-5145339FCE4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F519633F-AB68-495A-B85E-FD41F9F752CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A894BED6-C97D-4DA4-A13D-9CB2B3306BC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34A847D1-5AD5-4EFD-B165-7602AFC1E656\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AF3A0F5-4E5C-4278-9927-1F94F25CCAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB63EBE5-CF14-491E-ABA5-67116DFE3E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C2A33DE-F55F-4FD8-BB00-9C1E006CA65C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CF6394-95D9-42AF-A442-385EFF9CEFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02B629FB-88C8-4E85-A137-28770F1E524E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03550EF0-DF89-42FE-BF0E-994514EBD947\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4886CCAB-6D4E-45C7-B177-2E8DBEA15531\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C35631AC-7C35-4F6A-A95A-3B080E5210ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CED2BA6-BE5E-4EF1-88EB-0DADD23D2EEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A71F4154-AD20-4EEA-9E2E-D3385C357DA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0B8C9DB-401E-42B3-BAED-D09A96DE9A90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"062C20A0-05A0-4164-8330-DF6ADFE607F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D345BA35-93BB-406F-B5DC-86E49FB29C22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ED4892F-C829-4BEA-AB82-6A78F6F2426D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00128AAD-E746-4DCD-8676-1381E5232220\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE0D7ABB-DE11-40D6-8AAF-C626DD7E3914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5252544F-7BDD-42EE-856E-B351B4B6D381\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58375DE5-F7EC-400D-84A2-CD70B72C4F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15233815-C037-41BB-A447-A078F83A93F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5444C583-CF83-4ECD-8DF8-66D8C1FCF096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C306D07-9DF3-4AD1-9984-ECA094D0F50E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"513A1C46-80FF-489C-AD31-F8F790C6D6C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"046487A3-752B-4D0F-8984-96486B828EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89D2E052-51CD-4B57-A8B8-FAE51988D654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAA27058-BACF-4F94-8E3C-7D38EC302EC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FEAB0DF-04A9-4F99-8666-0BADC5D642B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7D924D1-8A36-4C43-9E56-52814F9A6350\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39CDFECC-E26D-47E0-976F-6629040B3764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3ECBCB1-0675-41F5-857B-438F36925F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB6CBFBF-74F6-42AF-BC79-AA53EA75F00B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8717A96B-9DB5-48D6-A2CF-A5E2B26AF3F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1F45B27-504B-4202-87B8-BD3B094003F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2FB2B98-DFD2-420A-8A7F-9B288651242F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B803D25B-0A19-4569-BA05-09D58F33917C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8510442C-212F-4013-85FA-E0AB59F6F2C6\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105093\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180926-0006/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.securityfocus.com/bid/105093\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180926-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
cve-2016-4975
Vulnerability from jvndb
Published
2017-06-30 15:55
Modified
2019-07-25 14:14
Severity ?
Summary
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Details
A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-008607.html", "dc:date": "2019-07-25T14:14+09:00", "dcterms:issued": "2017-06-30T15:55+09:00", "dcterms:modified": "2019-07-25T14:14+09:00", description: "A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.", link: "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-008607.html", "sec:cpe": [ { "#text": "cpe:/a:apache:http_server", "@product": "Apache HTTP Server", "@vendor": "Apache Software Foundation", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:cosminexus_http_server", "@product": "Cosminexus HTTP Server", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:hitachi_application_server", "@product": "Hitachi Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:hitachi_application_server_for_developers", "@product": "Hitachi Application Server for Developers", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:it_operations_director", "@product": "Hitachi IT Operations Director", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management", "@product": "Job Management Partner 1/IT Desktop Management", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-manager", "@product": "Job Management Partner 1/IT Desktop Management - Manager", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:job_management_partner_1_integrated_management", "@product": "Job Management Partner 1/Integrated Management", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:job_management_partner_1_performance_management_web_console", "@product": "Job Management Partner 1/Performance Management - Web Console", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:jp1%2fautomatic_operation", "@product": "JP1/Automatic Operation", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:jp1%2Fit_desktop_management-manager", "@product": "JP1/IT Desktop Management - Manager", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:jp1%2fperformance_management", "@product": "JP1/Performance Management", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:jp1_automatic_job_management_system_3", "@product": "JP1/Automatic Job Management System 3", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:jp1_integrated_management", "@product": "JP1/Integrated Management", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:jp1_it_desktop_management", "@product": "JP1/IT Desktop Management", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:jp1_operation_analytics", "@product": "JP1/Operations Analytics", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:jp1_service_support", "@product": "JP1/Service Support", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise", "@product": "uCosminexus Application Server Enterprise", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition", "@product": "uCosminexus Application Server Smart Edition", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard", "@product": "uCosminexus Application Server Standard", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:ucosminexus_developer_light", "@product": "uCosminexus Developer Light", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:ucosminexus_developer_standard", "@product": "uCosminexus Developer Standard", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:ucosminexus_primary_server", "@product": "uCosminexus Primary Server", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:ucosminexus_service_architect", "@product": "uCosminexus Service Architect", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, { "#text": "cpe:/a:hitachi:ucosminexus_service_platform", "@product": "uCosminexus Service Platform", "@vendor": "Hitachi, Ltd", "@version": "2.2", }, ], "sec:cvss": [ { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0", }, { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "@version": "3.0", }, ], "sec:identifier": "JVNDB-2016-008607", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743", "@id": "CVE-2016-8743", "@source": "CVE", }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975", "@id": "CVE-2016-4975", "@source": "CVE", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743", "@id": "CVE-2016-8743", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", "@id": "CVE-2016-4975", "@source": "NVD", }, { "#text": "https://cwe.mitre.org/data/definitions/19.html", "@id": "CWE-19", "@title": "Data Handling(CWE-19)", }, ], title: "Vulnerability in Cosminexus HTTP Server and Hitachi Web Server", }
RHSA-2017:0906
Vulnerability from csaf_redhat
Published
2017-04-12 12:24
Modified
2025-01-09 05:37
Summary
Red Hat Security Advisory: httpd security and bug fix update
Notes
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)
* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)
* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
Note: The fix for the CVE-2016-8743 issue causes httpd to return "400 Bad Request" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive "HttpProtocolOptions Unsafe" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.
Bug Fix(es):
* When waking up child processes during a graceful restart, the httpd parent process could attempt to open more connections than necessary if a large number of child processes had been active prior to the restart. Consequently, a graceful restart could take a long time to complete. With this update, httpd has been fixed to limit the number of connections opened during a graceful restart to the number of active children, and the described problem no longer occurs. (BZ#1420002)
* Previously, httpd running in a container returned the 500 HTTP status code (Internal Server Error) when a connection to a WebSocket server was closed. As a consequence, the httpd server failed to deliver the correct HTTP status and data to a client. With this update, httpd correctly handles all proxied requests to the WebSocket server, and the described problem no longer occurs. (BZ#1429947)
* In a configuration using LDAP authentication with the mod_authnz_ldap module, the name set using the AuthLDAPBindDN directive was not correctly used to bind to the LDAP server for all queries. Consequently, authorization attempts failed. The LDAP modules have been fixed to ensure the configured name is correctly bound for LDAP queries, and authorization using LDAP no longer fails. (BZ#1420047)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return \"400 Bad Request\" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive \"HttpProtocolOptions Unsafe\" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nBug Fix(es):\n\n* When waking up child processes during a graceful restart, the httpd parent process could attempt to open more connections than necessary if a large number of child processes had been active prior to the restart. Consequently, a graceful restart could take a long time to complete. With this update, httpd has been fixed to limit the number of connections opened during a graceful restart to the number of active children, and the described problem no longer occurs. (BZ#1420002)\n\n* Previously, httpd running in a container returned the 500 HTTP status code (Internal Server Error) when a connection to a WebSocket server was closed. As a consequence, the httpd server failed to deliver the correct HTTP status and data to a client. With this update, httpd correctly handles all proxied requests to the WebSocket server, and the described problem no longer occurs. (BZ#1429947)\n\n* In a configuration using LDAP authentication with the mod_authnz_ldap module, the name set using the AuthLDAPBindDN directive was not correctly used to bind to the LDAP server for all queries. Consequently, authorization attempts failed. The LDAP modules have been fixed to ensure the configured name is correctly bound for LDAP queries, and authorization using LDAP no longer fails. (BZ#1420047)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2017:0906", url: "https://access.redhat.com/errata/RHSA-2017:0906", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1406744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406744", }, { category: "external", summary: "1406753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406753", }, { category: "external", summary: "1406822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406822", }, { category: "external", summary: "1420002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1420002", }, { category: "external", summary: "1420047", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1420047", }, { category: "external", summary: "1429947", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1429947", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0906.json", }, ], title: "Red Hat Security Advisory: httpd security and bug fix update", tracking: { current_release_date: "2025-01-09T05:37:13+00:00", generator: { date: "2025-01-09T05:37:13+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2017:0906", initial_release_date: "2017-04-12T12:24:45+00:00", revision_history: [ { date: "2017-04-12T12:24:45+00:00", number: "1", summary: "Initial version", }, { date: "2017-04-12T12:24:45+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T05:37:13+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.x86_64", product: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64", product_id: "httpd-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.x86_64", product: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64", product_id: "mod_session-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", product: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", product_id: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.4.6-45.el7_3.4?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.src", product: { name: "httpd-0:2.4.6-45.el7_3.4.src", product_id: "httpd-0:2.4.6-45.el7_3.4.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.s390x", product: { name: "httpd-0:2.4.6-45.el7_3.4.s390x", product_id: "httpd-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.s390x", product: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x", product_id: "mod_session-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=s390x&epoch=1", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.ppc64", product: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64", product_id: "httpd-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.ppc64", product: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64", product_id: "mod_session-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=ppc64&epoch=1", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le", product_id: "httpd-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", product_id: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.aarch64", product: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64", product_id: "httpd-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.aarch64", product: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64", product_id: "mod_session-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, ], }, vulnerabilities: [ { cve: "CVE-2016-0736", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406744", }, ], notes: [ { category: "description", text: "It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Padding Oracle in Apache mod_session_crypto", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0736", }, { category: "external", summary: "RHBZ#1406744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0736", url: "https://www.cve.org/CVERecord?id=CVE-2016-0736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0736", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0736", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", url: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", }, { category: "external", summary: "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt", url: "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt", }, ], release_date: "2016-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-12T12:24:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0906", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Padding Oracle in Apache mod_session_crypto", }, { cve: "CVE-2016-2161", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406753", }, ], notes: [ { category: "description", text: "It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.", title: "Vulnerability description", }, { category: "summary", text: "httpd: DoS vulnerability in mod_auth_digest", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2161", }, { category: "external", summary: "RHBZ#1406753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406753", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2161", url: "https://www.cve.org/CVERecord?id=CVE-2016-2161", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2161", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2161", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", url: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", }, ], release_date: "2016-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-12T12:24:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0906", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: DoS vulnerability in mod_auth_digest", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-12T12:24:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0906", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-8743", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406822", }, ], notes: [ { category: "description", text: "It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Apache HTTP Request Parsing Whitespace Defects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8743", }, { category: "external", summary: "RHBZ#1406822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406822", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8743", url: "https://www.cve.org/CVERecord?id=CVE-2016-8743", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8743", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8743", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", url: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", }, ], release_date: "2016-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-12T12:24:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0906", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.0", }, products: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Apache HTTP Request Parsing Whitespace Defects", }, ], }
RHSA-2018:2185
Vulnerability from csaf_redhat
Published
2018-07-12 16:14
Modified
2025-01-09 05:42
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this release as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
This release upgrades OpenSSL to version 1.0.2.n
Security Fix(es):
* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)
* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)
* openssl: certificate message OOB reads (CVE-2016-6306)
* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)
* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* openssl: Read/write after SSL object in error state (CVE-2017-3737)
* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306
and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this release as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 \nand CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2018:2185", url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", }, { category: "external", summary: "1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "JBCS-373", url: "https://issues.redhat.com/browse/JBCS-373", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2185.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update", tracking: { current_release_date: "2025-01-09T05:42:24+00:00", generator: { date: "2025-01-09T05:42:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2018:2185", initial_release_date: "2018-07-12T16:14:46+00:00", revision_history: [ { date: "2018-07-12T16:14:46+00:00", number: "1", summary: "Initial version", }, { date: "2018-07-12T16:14:46+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T05:42:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Core Services on RHEL 7 Server", product: { name: "Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", product_id: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", product_id: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el7?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", product_id: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.43-1.redhat_1.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", product: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", product_id: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-17.jbcs.el7?arch=noarch", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", }, product_reference: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, ], }, vulnerabilities: [ { cve: "CVE-2016-2182", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2016-08-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1367340", }, ], notes: [ { category: "description", text: "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2182", }, { category: "external", summary: "RHBZ#1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2182", url: "https://www.cve.org/CVERecord?id=CVE-2016-2182", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-6302", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-08-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1369855", }, ], notes: [ { category: "description", text: "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Insufficient TLS session ticket HMAC length checks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6302", }, { category: "external", summary: "RHBZ#1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6302", url: "https://www.cve.org/CVERecord?id=CVE-2016-6302", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Insufficient TLS session ticket HMAC length checks", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, { names: [ "Shi Lei", ], organization: "Gear Team of Qihoo 360 Inc.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2016-6306", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-09-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1377594", }, ], notes: [ { category: "description", text: "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL.", title: "Vulnerability description", }, { category: "summary", text: "openssl: certificate message OOB reads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6306", }, { category: "external", summary: "RHBZ#1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6306", url: "https://www.cve.org/CVERecord?id=CVE-2016-6306", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-09-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 1.2, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: certificate message OOB reads", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, ], cve: "CVE-2016-7055", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2016-10-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1393929", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Carry propagating bug in Montgomery multiplication", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-7055", }, { category: "external", summary: "RHBZ#1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-7055", url: "https://www.cve.org/CVERecord?id=CVE-2016-7055", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20161110.txt", url: "https://www.openssl.org/news/secadv/20161110.txt", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2016-10-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: Carry propagating bug in Montgomery multiplication", }, { cve: "CVE-2017-3731", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416852", }, ], notes: [ { category: "description", text: "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Truncated packet could crash via OOB read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3731", }, { category: "external", summary: "RHBZ#1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3731", url: "https://www.cve.org/CVERecord?id=CVE-2017-3731", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Truncated packet could crash via OOB read", }, { cve: "CVE-2017-3732", discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416856", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", title: "Vulnerability description", }, { category: "summary", text: "openssl: BN_mod_exp may produce incorrect results on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3732", }, { category: "external", summary: "RHBZ#1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3732", url: "https://www.cve.org/CVERecord?id=CVE-2017-3732", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: BN_mod_exp may produce incorrect results on x86_64", }, { cve: "CVE-2017-3736", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2017-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1509169", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.", title: "Vulnerability description", }, { category: "summary", text: "openssl: bn_sqrx8x_internal carry bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3736", }, { category: "external", summary: "RHBZ#1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3736", url: "https://www.cve.org/CVERecord?id=CVE-2017-3736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171102.txt", url: "https://www.openssl.org/news/secadv/20171102.txt", }, ], release_date: "2017-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: bn_sqrx8x_internal carry bug on x86_64", }, { cve: "CVE-2017-3737", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523504", }, ], notes: [ { category: "description", text: "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Read/write after SSL object in error state", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3737", }, { category: "external", summary: "RHBZ#1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3737", url: "https://www.cve.org/CVERecord?id=CVE-2017-3737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Read/write after SSL object in error state", }, { cve: "CVE-2017-3738", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523510", }, ], notes: [ { category: "description", text: "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.", title: "Vulnerability description", }, { category: "summary", text: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3738", }, { category: "external", summary: "RHBZ#1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3738", url: "https://www.cve.org/CVERecord?id=CVE-2017-3738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", }, ], }
rhsa-2018_2185
Vulnerability from csaf_redhat
Published
2018-07-12 16:14
Modified
2024-11-22 11:16
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this release as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
This release upgrades OpenSSL to version 1.0.2.n
Security Fix(es):
* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)
* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)
* openssl: certificate message OOB reads (CVE-2016-6306)
* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)
* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* openssl: Read/write after SSL object in error state (CVE-2017-3737)
* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306
and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this release as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 \nand CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2018:2185", url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", }, { category: "external", summary: "1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "JBCS-373", url: "https://issues.redhat.com/browse/JBCS-373", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2185.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update", tracking: { current_release_date: "2024-11-22T11:16:03+00:00", generator: { date: "2024-11-22T11:16:03+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2018:2185", initial_release_date: "2018-07-12T16:14:46+00:00", revision_history: [ { date: "2018-07-12T16:14:46+00:00", number: "1", summary: "Initial version", }, { date: "2018-07-12T16:14:46+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T11:16:03+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Core Services on RHEL 7 Server", product: { name: "Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", product_id: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", product_id: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el7?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", product_id: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.43-1.redhat_1.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", product: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", product_id: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-17.jbcs.el7?arch=noarch", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", }, product_reference: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, ], }, vulnerabilities: [ { cve: "CVE-2016-2182", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2016-08-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1367340", }, ], notes: [ { category: "description", text: "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2182", }, { category: "external", summary: "RHBZ#1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2182", url: "https://www.cve.org/CVERecord?id=CVE-2016-2182", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-6302", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-08-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1369855", }, ], notes: [ { category: "description", text: "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Insufficient TLS session ticket HMAC length checks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6302", }, { category: "external", summary: "RHBZ#1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6302", url: "https://www.cve.org/CVERecord?id=CVE-2016-6302", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Insufficient TLS session ticket HMAC length checks", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, { names: [ "Shi Lei", ], organization: "Gear Team of Qihoo 360 Inc.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2016-6306", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-09-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1377594", }, ], notes: [ { category: "description", text: "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL.", title: "Vulnerability description", }, { category: "summary", text: "openssl: certificate message OOB reads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6306", }, { category: "external", summary: "RHBZ#1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6306", url: "https://www.cve.org/CVERecord?id=CVE-2016-6306", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-09-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 1.2, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: certificate message OOB reads", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, ], cve: "CVE-2016-7055", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2016-10-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1393929", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Carry propagating bug in Montgomery multiplication", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-7055", }, { category: "external", summary: "RHBZ#1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-7055", url: "https://www.cve.org/CVERecord?id=CVE-2016-7055", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20161110.txt", url: "https://www.openssl.org/news/secadv/20161110.txt", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2016-10-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: Carry propagating bug in Montgomery multiplication", }, { cve: "CVE-2017-3731", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416852", }, ], notes: [ { category: "description", text: "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Truncated packet could crash via OOB read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3731", }, { category: "external", summary: "RHBZ#1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3731", url: "https://www.cve.org/CVERecord?id=CVE-2017-3731", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Truncated packet could crash via OOB read", }, { cve: "CVE-2017-3732", discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416856", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", title: "Vulnerability description", }, { category: "summary", text: "openssl: BN_mod_exp may produce incorrect results on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3732", }, { category: "external", summary: "RHBZ#1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3732", url: "https://www.cve.org/CVERecord?id=CVE-2017-3732", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: BN_mod_exp may produce incorrect results on x86_64", }, { cve: "CVE-2017-3736", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2017-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1509169", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.", title: "Vulnerability description", }, { category: "summary", text: "openssl: bn_sqrx8x_internal carry bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3736", }, { category: "external", summary: "RHBZ#1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3736", url: "https://www.cve.org/CVERecord?id=CVE-2017-3736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171102.txt", url: "https://www.openssl.org/news/secadv/20171102.txt", }, ], release_date: "2017-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: bn_sqrx8x_internal carry bug on x86_64", }, { cve: "CVE-2017-3737", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523504", }, ], notes: [ { category: "description", text: "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Read/write after SSL object in error state", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3737", }, { category: "external", summary: "RHBZ#1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3737", url: "https://www.cve.org/CVERecord?id=CVE-2017-3737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Read/write after SSL object in error state", }, { cve: "CVE-2017-3738", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523510", }, ], notes: [ { category: "description", text: "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.", title: "Vulnerability description", }, { category: "summary", text: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3738", }, { category: "external", summary: "RHBZ#1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3738", url: "https://www.cve.org/CVERecord?id=CVE-2017-3738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", }, ], }
rhsa-2018_2186
Vulnerability from csaf_redhat
Published
2018-07-12 16:14
Modified
2024-11-22 11:15
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this release as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
This release upgrades OpenSSL to version 1.0.2.n
Security Fix(es):
* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)
* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)
* openssl: certificate message OOB reads (CVE-2016-6306)
* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)
* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* openssl: Read/write after SSL object in error state (CVE-2017-3737)
* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306
and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this release as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 \nand CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2018:2186", url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", }, { category: "external", summary: "1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "JBCS-372", url: "https://issues.redhat.com/browse/JBCS-372", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2186.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update", tracking: { current_release_date: "2024-11-22T11:15:56+00:00", generator: { date: "2024-11-22T11:15:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2018:2186", initial_release_date: "2018-07-12T16:14:52+00:00", revision_history: [ { date: "2018-07-12T16:14:52+00:00", number: "1", summary: "Initial version", }, { date: "2018-07-12T16:14:52+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T11:15:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Core Services on RHEL 6 Server", product: { name: "Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", product_id: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", product_id: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el6?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", product: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", product_id: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", product: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", product_id: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el6?arch=i686&epoch=1", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", product_id: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.43-1.redhat_1.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el6?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el6?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", product: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", product_id: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-17.jbcs.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el6?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", }, product_reference: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, ], }, vulnerabilities: [ { cve: "CVE-2016-2182", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2016-08-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1367340", }, ], notes: [ { category: "description", text: "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2182", }, { category: "external", summary: "RHBZ#1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2182", url: "https://www.cve.org/CVERecord?id=CVE-2016-2182", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-6302", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-08-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1369855", }, ], notes: [ { category: "description", text: "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Insufficient TLS session ticket HMAC length checks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6302", }, { category: "external", summary: "RHBZ#1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6302", url: "https://www.cve.org/CVERecord?id=CVE-2016-6302", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Insufficient TLS session ticket HMAC length checks", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, { names: [ "Shi Lei", ], organization: "Gear Team of Qihoo 360 Inc.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2016-6306", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-09-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1377594", }, ], notes: [ { category: "description", text: "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL.", title: "Vulnerability description", }, { category: "summary", text: "openssl: certificate message OOB reads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6306", }, { category: "external", summary: "RHBZ#1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6306", url: "https://www.cve.org/CVERecord?id=CVE-2016-6306", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-09-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 1.2, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: certificate message OOB reads", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, ], cve: "CVE-2016-7055", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2016-10-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1393929", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Carry propagating bug in Montgomery multiplication", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-7055", }, { category: "external", summary: "RHBZ#1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-7055", url: "https://www.cve.org/CVERecord?id=CVE-2016-7055", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20161110.txt", url: "https://www.openssl.org/news/secadv/20161110.txt", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2016-10-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: Carry propagating bug in Montgomery multiplication", }, { cve: "CVE-2017-3731", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416852", }, ], notes: [ { category: "description", text: "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Truncated packet could crash via OOB read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3731", }, { category: "external", summary: "RHBZ#1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3731", url: "https://www.cve.org/CVERecord?id=CVE-2017-3731", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Truncated packet could crash via OOB read", }, { cve: "CVE-2017-3732", discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416856", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", title: "Vulnerability description", }, { category: "summary", text: "openssl: BN_mod_exp may produce incorrect results on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3732", }, { category: "external", summary: "RHBZ#1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3732", url: "https://www.cve.org/CVERecord?id=CVE-2017-3732", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: BN_mod_exp may produce incorrect results on x86_64", }, { cve: "CVE-2017-3736", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2017-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1509169", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.", title: "Vulnerability description", }, { category: "summary", text: "openssl: bn_sqrx8x_internal carry bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3736", }, { category: "external", summary: "RHBZ#1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3736", url: "https://www.cve.org/CVERecord?id=CVE-2017-3736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171102.txt", url: "https://www.openssl.org/news/secadv/20171102.txt", }, ], release_date: "2017-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: bn_sqrx8x_internal carry bug on x86_64", }, { cve: "CVE-2017-3737", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523504", }, ], notes: [ { category: "description", text: "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Read/write after SSL object in error state", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3737", }, { category: "external", summary: "RHBZ#1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3737", url: "https://www.cve.org/CVERecord?id=CVE-2017-3737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Read/write after SSL object in error state", }, { cve: "CVE-2017-3738", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523510", }, ], notes: [ { category: "description", text: "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.", title: "Vulnerability description", }, { category: "summary", text: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3738", }, { category: "external", summary: "RHBZ#1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3738", url: "https://www.cve.org/CVERecord?id=CVE-2017-3738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", }, ], }
rhsa-2017:0906
Vulnerability from csaf_redhat
Published
2017-04-12 12:24
Modified
2025-01-09 05:37
Summary
Red Hat Security Advisory: httpd security and bug fix update
Notes
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)
* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)
* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
Note: The fix for the CVE-2016-8743 issue causes httpd to return "400 Bad Request" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive "HttpProtocolOptions Unsafe" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.
Bug Fix(es):
* When waking up child processes during a graceful restart, the httpd parent process could attempt to open more connections than necessary if a large number of child processes had been active prior to the restart. Consequently, a graceful restart could take a long time to complete. With this update, httpd has been fixed to limit the number of connections opened during a graceful restart to the number of active children, and the described problem no longer occurs. (BZ#1420002)
* Previously, httpd running in a container returned the 500 HTTP status code (Internal Server Error) when a connection to a WebSocket server was closed. As a consequence, the httpd server failed to deliver the correct HTTP status and data to a client. With this update, httpd correctly handles all proxied requests to the WebSocket server, and the described problem no longer occurs. (BZ#1429947)
* In a configuration using LDAP authentication with the mod_authnz_ldap module, the name set using the AuthLDAPBindDN directive was not correctly used to bind to the LDAP server for all queries. Consequently, authorization attempts failed. The LDAP modules have been fixed to ensure the configured name is correctly bound for LDAP queries, and authorization using LDAP no longer fails. (BZ#1420047)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return \"400 Bad Request\" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive \"HttpProtocolOptions Unsafe\" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nBug Fix(es):\n\n* When waking up child processes during a graceful restart, the httpd parent process could attempt to open more connections than necessary if a large number of child processes had been active prior to the restart. Consequently, a graceful restart could take a long time to complete. With this update, httpd has been fixed to limit the number of connections opened during a graceful restart to the number of active children, and the described problem no longer occurs. (BZ#1420002)\n\n* Previously, httpd running in a container returned the 500 HTTP status code (Internal Server Error) when a connection to a WebSocket server was closed. As a consequence, the httpd server failed to deliver the correct HTTP status and data to a client. With this update, httpd correctly handles all proxied requests to the WebSocket server, and the described problem no longer occurs. (BZ#1429947)\n\n* In a configuration using LDAP authentication with the mod_authnz_ldap module, the name set using the AuthLDAPBindDN directive was not correctly used to bind to the LDAP server for all queries. Consequently, authorization attempts failed. The LDAP modules have been fixed to ensure the configured name is correctly bound for LDAP queries, and authorization using LDAP no longer fails. (BZ#1420047)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2017:0906", url: "https://access.redhat.com/errata/RHSA-2017:0906", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1406744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406744", }, { category: "external", summary: "1406753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406753", }, { category: "external", summary: "1406822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406822", }, { category: "external", summary: "1420002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1420002", }, { category: "external", summary: "1420047", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1420047", }, { category: "external", summary: "1429947", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1429947", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0906.json", }, ], title: "Red Hat Security Advisory: httpd security and bug fix update", tracking: { current_release_date: "2025-01-09T05:37:13+00:00", generator: { date: "2025-01-09T05:37:13+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2017:0906", initial_release_date: "2017-04-12T12:24:45+00:00", revision_history: [ { date: "2017-04-12T12:24:45+00:00", number: "1", summary: "Initial version", }, { date: "2017-04-12T12:24:45+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T05:37:13+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.x86_64", product: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64", product_id: "httpd-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.x86_64", product: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64", product_id: "mod_session-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", product: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", product_id: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.4.6-45.el7_3.4?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.src", product: { name: "httpd-0:2.4.6-45.el7_3.4.src", product_id: "httpd-0:2.4.6-45.el7_3.4.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.s390x", product: { name: "httpd-0:2.4.6-45.el7_3.4.s390x", product_id: "httpd-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.s390x", product: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x", product_id: "mod_session-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=s390x&epoch=1", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.ppc64", product: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64", product_id: "httpd-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.ppc64", product: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64", product_id: "mod_session-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=ppc64&epoch=1", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le", product_id: "httpd-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", product_id: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.aarch64", product: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64", product_id: "httpd-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.aarch64", product: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64", product_id: "mod_session-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, ], }, vulnerabilities: [ { cve: "CVE-2016-0736", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406744", }, ], notes: [ { category: "description", text: "It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Padding Oracle in Apache mod_session_crypto", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0736", }, { category: "external", summary: "RHBZ#1406744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0736", url: "https://www.cve.org/CVERecord?id=CVE-2016-0736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0736", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0736", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", url: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", }, { category: "external", summary: "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt", url: "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt", }, ], release_date: "2016-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-12T12:24:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0906", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Padding Oracle in Apache mod_session_crypto", }, { cve: "CVE-2016-2161", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406753", }, ], notes: [ { category: "description", text: "It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.", title: "Vulnerability description", }, { category: "summary", text: "httpd: DoS vulnerability in mod_auth_digest", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2161", }, { category: "external", summary: "RHBZ#1406753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406753", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2161", url: "https://www.cve.org/CVERecord?id=CVE-2016-2161", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2161", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2161", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", url: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", }, ], release_date: "2016-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-12T12:24:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0906", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: DoS vulnerability in mod_auth_digest", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-12T12:24:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0906", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-8743", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406822", }, ], notes: [ { category: "description", text: "It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Apache HTTP Request Parsing Whitespace Defects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8743", }, { category: "external", summary: "RHBZ#1406822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406822", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8743", url: "https://www.cve.org/CVERecord?id=CVE-2016-8743", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8743", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8743", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", url: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", }, ], release_date: "2016-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-12T12:24:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0906", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.0", }, products: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Apache HTTP Request Parsing Whitespace Defects", }, ], }
rhsa-2017_0906
Vulnerability from csaf_redhat
Published
2017-04-12 12:24
Modified
2024-11-22 10:45
Summary
Red Hat Security Advisory: httpd security and bug fix update
Notes
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)
* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)
* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
Note: The fix for the CVE-2016-8743 issue causes httpd to return "400 Bad Request" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive "HttpProtocolOptions Unsafe" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.
Bug Fix(es):
* When waking up child processes during a graceful restart, the httpd parent process could attempt to open more connections than necessary if a large number of child processes had been active prior to the restart. Consequently, a graceful restart could take a long time to complete. With this update, httpd has been fixed to limit the number of connections opened during a graceful restart to the number of active children, and the described problem no longer occurs. (BZ#1420002)
* Previously, httpd running in a container returned the 500 HTTP status code (Internal Server Error) when a connection to a WebSocket server was closed. As a consequence, the httpd server failed to deliver the correct HTTP status and data to a client. With this update, httpd correctly handles all proxied requests to the WebSocket server, and the described problem no longer occurs. (BZ#1429947)
* In a configuration using LDAP authentication with the mod_authnz_ldap module, the name set using the AuthLDAPBindDN directive was not correctly used to bind to the LDAP server for all queries. Consequently, authorization attempts failed. The LDAP modules have been fixed to ensure the configured name is correctly bound for LDAP queries, and authorization using LDAP no longer fails. (BZ#1420047)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return \"400 Bad Request\" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive \"HttpProtocolOptions Unsafe\" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nBug Fix(es):\n\n* When waking up child processes during a graceful restart, the httpd parent process could attempt to open more connections than necessary if a large number of child processes had been active prior to the restart. Consequently, a graceful restart could take a long time to complete. With this update, httpd has been fixed to limit the number of connections opened during a graceful restart to the number of active children, and the described problem no longer occurs. (BZ#1420002)\n\n* Previously, httpd running in a container returned the 500 HTTP status code (Internal Server Error) when a connection to a WebSocket server was closed. As a consequence, the httpd server failed to deliver the correct HTTP status and data to a client. With this update, httpd correctly handles all proxied requests to the WebSocket server, and the described problem no longer occurs. (BZ#1429947)\n\n* In a configuration using LDAP authentication with the mod_authnz_ldap module, the name set using the AuthLDAPBindDN directive was not correctly used to bind to the LDAP server for all queries. Consequently, authorization attempts failed. The LDAP modules have been fixed to ensure the configured name is correctly bound for LDAP queries, and authorization using LDAP no longer fails. (BZ#1420047)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2017:0906", url: "https://access.redhat.com/errata/RHSA-2017:0906", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1406744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406744", }, { category: "external", summary: "1406753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406753", }, { category: "external", summary: "1406822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406822", }, { category: "external", summary: "1420002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1420002", }, { category: "external", summary: "1420047", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1420047", }, { category: "external", summary: "1429947", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1429947", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0906.json", }, ], title: "Red Hat Security Advisory: httpd security and bug fix update", tracking: { current_release_date: "2024-11-22T10:45:56+00:00", generator: { date: "2024-11-22T10:45:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2017:0906", initial_release_date: "2017-04-12T12:24:45+00:00", revision_history: [ { date: "2017-04-12T12:24:45+00:00", number: "1", summary: "Initial version", }, { date: "2017-04-12T12:24:45+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T10:45:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.x86_64", product: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64", product_id: "httpd-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.x86_64", product: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64", product_id: "mod_session-0:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", product: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", product_id: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.4.6-45.el7_3.4?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.src", product: { name: "httpd-0:2.4.6-45.el7_3.4.src", product_id: "httpd-0:2.4.6-45.el7_3.4.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.s390x", product: { name: "httpd-0:2.4.6-45.el7_3.4.s390x", product_id: "httpd-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.s390x", product: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x", product_id: "mod_session-0:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=s390x", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=s390x&epoch=1", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.ppc64", product: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64", product_id: "httpd-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.ppc64", product: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64", product_id: "mod_session-0:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=ppc64", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=ppc64&epoch=1", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le", product_id: "httpd-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", product: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", product_id: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=ppc64le", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=ppc64le&epoch=1", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", product: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", product_id: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", product: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", product_id: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=aarch64&epoch=1", }, }, }, { category: "product_version", name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", product: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", product_id: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "httpd-0:2.4.6-45.el7_3.4.aarch64", product: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64", product_id: "httpd-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", product: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", product_id: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", product: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", product_id: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "mod_session-0:2.4.6-45.el7_3.4.aarch64", product: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64", product_id: "mod_session-0:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=aarch64", }, }, }, { category: "product_version", name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", product: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", product_id: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=aarch64&epoch=1", }, }, }, ], category: "architecture", name: "aarch64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Client-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7ComputeNode-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.src", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", }, product_reference: "httpd-manual-0:2.4.6-45.el7_3.4.noarch", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_session-0:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.s390x", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", product_id: "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", }, product_reference: "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", relates_to_product_reference: "7Workstation-optional-7.3.Z", }, ], }, vulnerabilities: [ { cve: "CVE-2016-0736", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406744", }, ], notes: [ { category: "description", text: "It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Padding Oracle in Apache mod_session_crypto", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0736", }, { category: "external", summary: "RHBZ#1406744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0736", url: "https://www.cve.org/CVERecord?id=CVE-2016-0736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0736", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0736", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", url: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", }, { category: "external", summary: "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt", url: "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt", }, ], release_date: "2016-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-12T12:24:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0906", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Padding Oracle in Apache mod_session_crypto", }, { cve: "CVE-2016-2161", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406753", }, ], notes: [ { category: "description", text: "It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.", title: "Vulnerability description", }, { category: "summary", text: "httpd: DoS vulnerability in mod_auth_digest", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2161", }, { category: "external", summary: "RHBZ#1406753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406753", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2161", url: "https://www.cve.org/CVERecord?id=CVE-2016-2161", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2161", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2161", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", url: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", }, ], release_date: "2016-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-12T12:24:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0906", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: DoS vulnerability in mod_auth_digest", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-12T12:24:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0906", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-8743", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406822", }, ], notes: [ { category: "description", text: "It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Apache HTTP Request Parsing Whitespace Defects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8743", }, { category: "external", summary: "RHBZ#1406822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406822", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8743", url: "https://www.cve.org/CVERecord?id=CVE-2016-8743", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8743", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8743", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", url: "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", }, ], release_date: "2016-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-12T12:24:45+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0906", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.0", }, products: [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Apache HTTP Request Parsing Whitespace Defects", }, ], }
rhsa-2018:2486
Vulnerability from csaf_redhat
Published
2018-08-16 16:06
Modified
2025-01-09 05:42
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available.
Red Hat Product Security has rated this release as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer
to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
Security Fix(es):
* expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718)
* curl: escape and unescape integer overflows (CVE-2016-7167)
* curl: Cookie injection for other servers (CVE-2016-8615)
* curl: Case insensitive password comparison (CVE-2016-8616)
* curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)
* curl: Double-free in curl_maprintf (CVE-2016-8618)
* curl: Double-free in krb5 code (CVE-2016-8619)
* curl: curl_getdate out-of-bounds read (CVE-2016-8621)
* curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)
* curl: Use-after-free via shared cookies (CVE-2016-8623)
* curl: Invalid URL parsing with '#' (CVE-2016-8624)
* curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)
* libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598)
* pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004)
* pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)
* pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244)
* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245)
* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246)
* curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)
* curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)
* curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500)
Details around this issue, including information about the CVE, severity of
the issue, and the CVSS score can be found on the CVE page listed in the
Reference section below.
The following packages have been upgraded to a newer upstream version:
* Curl (7.57.0)
* OpenSSL (1.0.2n)
* Expat (2.2.5)
* PCRE (8.41)
* libxml2 (2.9.7)
Acknowledgements:
CVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue.
Upstream acknowledges Max Dymond as the original reporter.
CVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter.
CVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available.\n\nRed Hat Product Security has rated this release as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718)\n* curl: escape and unescape integer overflows (CVE-2016-7167)\n* curl: Cookie injection for other servers (CVE-2016-8615)\n* curl: Case insensitive password comparison (CVE-2016-8616)\n* curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)\n* curl: Double-free in curl_maprintf (CVE-2016-8618)\n* curl: Double-free in krb5 code (CVE-2016-8619)\n* curl: curl_getdate out-of-bounds read (CVE-2016-8621)\n* curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)\n* curl: Use-after-free via shared cookies (CVE-2016-8623)\n* curl: Invalid URL parsing with '#' (CVE-2016-8624)\n* curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)\n* libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598)\n* pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004)\n* pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)\n* pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246)\n* curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)\n* curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)\n* curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500)\n\nDetails around this issue, including information about the CVE, severity of\nthe issue, and the CVSS score can be found on the CVE page listed in the\nReference section below.\n\nThe following packages have been upgraded to a newer upstream version:\n* Curl (7.57.0)\n* OpenSSL (1.0.2n)\n* Expat (2.2.5)\n* PCRE (8.41)\n* libxml2 (2.9.7)\n\nAcknowledgements:\n\nCVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue.\nUpstream acknowledges Max Dymond as the original reporter.\nCVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter.\nCVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2018:2486", url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/", }, { category: "external", summary: "1296102", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1296102", }, { category: "external", summary: "1375906", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375906", }, { category: "external", summary: "1388370", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388370", }, { category: "external", summary: "1388371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388371", }, { category: "external", summary: "1388377", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388377", }, { category: "external", summary: "1388378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388378", }, { category: "external", summary: "1388379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388379", }, { category: "external", summary: "1388385", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388385", }, { category: "external", summary: "1388386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388386", }, { category: "external", summary: "1388388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388388", }, { category: "external", summary: "1388390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388390", }, { category: "external", summary: "1388392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388392", }, { category: "external", summary: "1408306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1408306", }, { category: "external", summary: "1425365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1425365", }, { category: "external", summary: "1434504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1434504", }, { category: "external", summary: "1437364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437364", }, { category: "external", summary: "1437367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437367", }, { category: "external", summary: "1437369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437369", }, { category: "external", summary: "1495541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1495541", }, { category: "external", summary: "1503705", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503705", }, { category: "external", summary: "1597101", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1597101", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2486.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", tracking: { current_release_date: "2025-01-09T05:42:49+00:00", generator: { date: "2025-01-09T05:42:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2018:2486", initial_release_date: "2018-08-16T16:06:16+00:00", revision_history: [ { date: "2018-08-16T16:06:16+00:00", number: "1", summary: "Initial version", }, { date: "2018-08-16T16:06:16+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T05:42:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Text-Only JBCS", product: { name: "Text-Only JBCS", product_id: "Text-Only JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Gustavo Grieco", ], }, ], cve: "CVE-2016-0718", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-01-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1296102", }, ], notes: [ { category: "description", text: "An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.", title: "Vulnerability description", }, { category: "summary", text: "expat: Out-of-bounds heap read on crafted input causing crash", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0718", }, { category: "external", summary: "RHBZ#1296102", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1296102", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0718", url: "https://www.cve.org/CVERecord?id=CVE-2016-0718", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0718", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0718", }, ], release_date: "2016-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "expat: Out-of-bounds heap read on crafted input causing crash", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2016-7167", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2016-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375906", }, ], notes: [ { category: "description", text: "Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions.", title: "Vulnerability description", }, { category: "summary", text: "curl: escape and unescape integer overflows", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-7167", }, { category: "external", summary: "RHBZ#1375906", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375906", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-7167", url: "https://www.cve.org/CVERecord?id=CVE-2016-7167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-7167", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-7167", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20160914.html", url: "https://curl.haxx.se/docs/adv_20160914.html", }, ], release_date: "2016-09-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: escape and unescape integer overflows", }, { cve: "CVE-2016-8615", cwe: { id: "CWE-99", name: "Improper Control of Resource Identifiers ('Resource Injection')", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388370", }, ], notes: [ { category: "description", text: "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", title: "Vulnerability description", }, { category: "summary", text: "curl: Cookie injection for other servers", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8615", }, { category: "external", summary: "RHBZ#1388370", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388370", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8615", url: "https://www.cve.org/CVERecord?id=CVE-2016-8615", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8615", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8615", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102A.html", url: "https://curl.haxx.se/docs/adv_20161102A.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Cookie injection for other servers", }, { cve: "CVE-2016-8616", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388371", }, ], notes: [ { category: "description", text: "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", title: "Vulnerability description", }, { category: "summary", text: "curl: Case insensitive password comparison", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8616", }, { category: "external", summary: "RHBZ#1388371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8616", url: "https://www.cve.org/CVERecord?id=CVE-2016-8616", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8616", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8616", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102B.html", url: "https://curl.haxx.se/docs/adv_20161102B.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: Case insensitive password comparison", }, { cve: "CVE-2016-8617", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388377", }, ], notes: [ { category: "description", text: "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", title: "Vulnerability description", }, { category: "summary", text: "curl: Out-of-bounds write via unchecked multiplication", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8617", }, { category: "external", summary: "RHBZ#1388377", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388377", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8617", url: "https://www.cve.org/CVERecord?id=CVE-2016-8617", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8617", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8617", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102C.html", url: "https://curl.haxx.se/docs/adv_20161102C.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Out-of-bounds write via unchecked multiplication", }, { cve: "CVE-2016-8618", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388378", }, ], notes: [ { category: "description", text: "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", title: "Vulnerability description", }, { category: "summary", text: "curl: Double-free in curl_maprintf", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8618", }, { category: "external", summary: "RHBZ#1388378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388378", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8618", url: "https://www.cve.org/CVERecord?id=CVE-2016-8618", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8618", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8618", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102D.html", url: "https://curl.haxx.se/docs/adv_20161102D.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Double-free in curl_maprintf", }, { cve: "CVE-2016-8619", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388379", }, ], notes: [ { category: "description", text: "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", title: "Vulnerability description", }, { category: "summary", text: "curl: Double-free in krb5 code", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8619", }, { category: "external", summary: "RHBZ#1388379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388379", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8619", url: "https://www.cve.org/CVERecord?id=CVE-2016-8619", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8619", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8619", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102E.html", url: "https://curl.haxx.se/docs/adv_20161102E.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Double-free in krb5 code", }, { cve: "CVE-2016-8621", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388385", }, ], notes: [ { category: "description", text: "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", title: "Vulnerability description", }, { category: "summary", text: "curl: curl_getdate out-of-bounds read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8621", }, { category: "external", summary: "RHBZ#1388385", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388385", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8621", url: "https://www.cve.org/CVERecord?id=CVE-2016-8621", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8621", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8621", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102G.html", url: "https://curl.haxx.se/docs/adv_20161102G.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: curl_getdate out-of-bounds read", }, { cve: "CVE-2016-8622", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388386", }, ], notes: [ { category: "description", text: "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", title: "Vulnerability description", }, { category: "summary", text: "curl: URL unescape heap overflow via integer truncation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8622", }, { category: "external", summary: "RHBZ#1388386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388386", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8622", url: "https://www.cve.org/CVERecord?id=CVE-2016-8622", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8622", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8622", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102H.html", url: "https://curl.haxx.se/docs/adv_20161102H.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: URL unescape heap overflow via integer truncation", }, { cve: "CVE-2016-8623", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388388", }, ], notes: [ { category: "description", text: "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", title: "Vulnerability description", }, { category: "summary", text: "curl: Use-after-free via shared cookies", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8623", }, { category: "external", summary: "RHBZ#1388388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8623", url: "https://www.cve.org/CVERecord?id=CVE-2016-8623", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8623", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8623", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102I.html", url: "https://curl.haxx.se/docs/adv_20161102I.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: Use-after-free via shared cookies", }, { cve: "CVE-2016-8624", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388390", }, ], notes: [ { category: "description", text: "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", title: "Vulnerability description", }, { category: "summary", text: "curl: Invalid URL parsing with '#'", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8624", }, { category: "external", summary: "RHBZ#1388390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8624", url: "https://www.cve.org/CVERecord?id=CVE-2016-8624", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8624", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8624", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102J.html", url: "https://curl.haxx.se/docs/adv_20161102J.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Invalid URL parsing with '#'", }, { cve: "CVE-2016-8625", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388392", }, ], notes: [ { category: "description", text: "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", title: "Vulnerability description", }, { category: "summary", text: "curl: IDNA 2003 makes curl use wrong host", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8625", }, { category: "external", summary: "RHBZ#1388392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8625", url: "https://www.cve.org/CVERecord?id=CVE-2016-8625", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8625", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8625", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102K.html", url: "https://curl.haxx.se/docs/adv_20161102K.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: IDNA 2003 makes curl use wrong host", }, { cve: "CVE-2016-9318", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2016-11-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1395609", }, ], notes: [ { category: "description", text: "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: XML External Entity vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9318", }, { category: "external", summary: "RHBZ#1395609", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1395609", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9318", url: "https://www.cve.org/CVERecord?id=CVE-2016-9318", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9318", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9318", }, ], release_date: "2016-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { category: "workaround", details: "Application parsing untrusted input with libxml2 should be careful to NOT use entity expansion (enabled by XML_PARSE_NOENT) or DTD validation (XML_PARSE_DTDLOAD, XML_PARSE_DTDVALID) on such input.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: XML External Entity vulnerability", }, { cve: "CVE-2016-9596", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2016-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1408302", }, ], notes: [ { category: "description", text: "libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9596", }, { category: "external", summary: "RHBZ#1408302", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1408302", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9596", url: "https://www.cve.org/CVERecord?id=CVE-2016-9596", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9596", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9596", }, ], release_date: "2016-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)", }, { cve: "CVE-2016-9597", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2016-04-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1408305", }, ], notes: [ { category: "description", text: "It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9597", }, { category: "external", summary: "RHBZ#1408305", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1408305", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9597", url: "https://www.cve.org/CVERecord?id=CVE-2016-9597", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9597", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9597", }, ], release_date: "2016-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)", }, { cve: "CVE-2016-9598", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2016-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1408306", }, ], notes: [ { category: "description", text: "libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9598", }, { category: "external", summary: "RHBZ#1408306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1408306", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9598", url: "https://www.cve.org/CVERecord?id=CVE-2016-9598", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9598", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9598", }, ], release_date: "2016-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)", }, { cve: "CVE-2017-6004", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-02-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1425365", }, ], notes: [ { category: "description", text: "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", title: "Vulnerability description", }, { category: "summary", text: "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-6004", }, { category: "external", summary: "RHBZ#1425365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1425365", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-6004", url: "https://www.cve.org/CVERecord?id=CVE-2017-6004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-6004", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-6004", }, ], release_date: "2017-02-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", }, { cve: "CVE-2017-7186", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2017-03-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1434504", }, ], notes: [ { category: "description", text: "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", title: "Vulnerability description", }, { category: "summary", text: "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7186", }, { category: "external", summary: "RHBZ#1434504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1434504", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7186", url: "https://www.cve.org/CVERecord?id=CVE-2017-7186", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7186", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7186", }, ], release_date: "2017-02-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", }, { cve: "CVE-2017-7244", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2017-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1437364", }, ], notes: [ { category: "description", text: "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", title: "Vulnerability description", }, { category: "summary", text: "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7244", }, { category: "external", summary: "RHBZ#1437364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437364", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7244", url: "https://www.cve.org/CVERecord?id=CVE-2017-7244", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7244", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7244", }, { category: "external", summary: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", url: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", }, ], release_date: "2017-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", }, { cve: "CVE-2017-7245", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2017-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1437367", }, ], notes: [ { category: "description", text: "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", title: "Vulnerability description", }, { category: "summary", text: "pcre: stack-based buffer overflow write in pcre32_copy_substring", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7245", }, { category: "external", summary: "RHBZ#1437367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437367", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7245", url: "https://www.cve.org/CVERecord?id=CVE-2017-7245", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7245", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7245", }, { category: "external", summary: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", url: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", }, ], release_date: "2017-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "pcre: stack-based buffer overflow write in pcre32_copy_substring", }, { cve: "CVE-2017-7246", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2017-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1437369", }, ], notes: [ { category: "description", text: "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", title: "Vulnerability description", }, { category: "summary", text: "pcre: stack-based buffer overflow write in pcre32_copy_substring", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7246", }, { category: "external", summary: "RHBZ#1437369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7246", url: "https://www.cve.org/CVERecord?id=CVE-2017-7246", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7246", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7246", }, { category: "external", summary: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", url: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", }, ], release_date: "2017-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "pcre: stack-based buffer overflow write in pcre32_copy_substring", }, { cve: "CVE-2017-9047", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2017-05-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1452554", }, ], notes: [ { category: "description", text: "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Buffer overflow in function xmlSnprintfElementContent", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-9047", }, { category: "external", summary: "RHBZ#1452554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1452554", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-9047", url: "https://www.cve.org/CVERecord?id=CVE-2017-9047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-9047", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-9047", }, ], release_date: "2017-05-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Buffer overflow in function xmlSnprintfElementContent", }, { cve: "CVE-2017-9048", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, discovery_date: "2017-05-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1452549", }, ], notes: [ { category: "description", text: "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-9048", }, { category: "external", summary: "RHBZ#1452549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1452549", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-9048", url: "https://www.cve.org/CVERecord?id=CVE-2017-9048", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-9048", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-9048", }, ], release_date: "2017-05-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", }, { cve: "CVE-2017-9049", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-05-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1452556", }, ], notes: [ { category: "description", text: "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-9049", }, { category: "external", summary: "RHBZ#1452556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1452556", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-9049", url: "https://www.cve.org/CVERecord?id=CVE-2017-9049", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-9049", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-9049", }, ], release_date: "2017-05-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", }, { cve: "CVE-2017-9050", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-05-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1452553", }, ], notes: [ { category: "description", text: "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer over-read in function xmlDictAddString", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-9050", }, { category: "external", summary: "RHBZ#1452553", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1452553", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-9050", url: "https://www.cve.org/CVERecord?id=CVE-2017-9050", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", }, ], release_date: "2017-05-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer over-read in function xmlDictAddString", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Max Dymond", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-1000254", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-09-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1495541", }, ], notes: [ { category: "description", text: "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", title: "Vulnerability description", }, { category: "summary", text: "curl: FTP PWD response parser out of bounds read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-1000254", }, { category: "external", summary: "RHBZ#1495541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1495541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-1000254", url: "https://www.cve.org/CVERecord?id=CVE-2017-1000254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-1000254", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-1000254", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20171004.html", url: "https://curl.haxx.se/docs/adv_20171004.html", }, ], release_date: "2017-10-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: FTP PWD response parser out of bounds read", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Brian Carpenter", "the OSS-Fuzz project", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-1000257", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503705", }, ], notes: [ { category: "description", text: "A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.", title: "Vulnerability description", }, { category: "summary", text: "curl: IMAP FETCH response out of bounds read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-1000257", }, { category: "external", summary: "RHBZ#1503705", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503705", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-1000257", url: "https://www.cve.org/CVERecord?id=CVE-2017-1000257", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20171023.html", url: "https://curl.haxx.se/docs/adv_20171023.html", }, ], release_date: "2017-10-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { category: "workaround", details: "Switch off IMAP in `CURLOPT_PROTOCOLS`", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: IMAP FETCH response out of bounds read", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Peter Wu", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2018-0500", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2018-07-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1597101", }, ], notes: [ { category: "description", text: "A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.", title: "Vulnerability description", }, { category: "summary", text: "curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of curl/libcurl as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the vulnerable code.\n\nThis issue did not affect the versions of curl/libcurl as shipped with Red Hat Software Collections 3 as they did not include the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-0500", }, { category: "external", summary: "RHBZ#1597101", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1597101", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-0500", url: "https://www.cve.org/CVERecord?id=CVE-2018-0500", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-0500", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-0500", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_2018-70a2.html", url: "https://curl.haxx.se/docs/adv_2018-70a2.html", }, ], release_date: "2018-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP", }, ], }
rhsa-2018:2186
Vulnerability from csaf_redhat
Published
2018-07-12 16:14
Modified
2025-01-09 05:42
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this release as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
This release upgrades OpenSSL to version 1.0.2.n
Security Fix(es):
* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)
* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)
* openssl: certificate message OOB reads (CVE-2016-6306)
* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)
* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* openssl: Read/write after SSL object in error state (CVE-2017-3737)
* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306
and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this release as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 \nand CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2018:2186", url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", }, { category: "external", summary: "1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "JBCS-372", url: "https://issues.redhat.com/browse/JBCS-372", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2186.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update", tracking: { current_release_date: "2025-01-09T05:42:17+00:00", generator: { date: "2025-01-09T05:42:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2018:2186", initial_release_date: "2018-07-12T16:14:52+00:00", revision_history: [ { date: "2018-07-12T16:14:52+00:00", number: "1", summary: "Initial version", }, { date: "2018-07-12T16:14:52+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T05:42:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Core Services on RHEL 6 Server", product: { name: "Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", product_id: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", product_id: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el6?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", product: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", product_id: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", product: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", product_id: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el6?arch=i686&epoch=1", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", product_id: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.43-1.redhat_1.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el6?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el6?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", product: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", product_id: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-17.jbcs.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el6?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", }, product_reference: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, ], }, vulnerabilities: [ { cve: "CVE-2016-2182", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2016-08-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1367340", }, ], notes: [ { category: "description", text: "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2182", }, { category: "external", summary: "RHBZ#1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2182", url: "https://www.cve.org/CVERecord?id=CVE-2016-2182", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-6302", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-08-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1369855", }, ], notes: [ { category: "description", text: "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Insufficient TLS session ticket HMAC length checks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6302", }, { category: "external", summary: "RHBZ#1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6302", url: "https://www.cve.org/CVERecord?id=CVE-2016-6302", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Insufficient TLS session ticket HMAC length checks", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, { names: [ "Shi Lei", ], organization: "Gear Team of Qihoo 360 Inc.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2016-6306", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-09-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1377594", }, ], notes: [ { category: "description", text: "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL.", title: "Vulnerability description", }, { category: "summary", text: "openssl: certificate message OOB reads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6306", }, { category: "external", summary: "RHBZ#1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6306", url: "https://www.cve.org/CVERecord?id=CVE-2016-6306", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-09-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 1.2, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: certificate message OOB reads", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, ], cve: "CVE-2016-7055", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2016-10-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1393929", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Carry propagating bug in Montgomery multiplication", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-7055", }, { category: "external", summary: "RHBZ#1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-7055", url: "https://www.cve.org/CVERecord?id=CVE-2016-7055", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20161110.txt", url: "https://www.openssl.org/news/secadv/20161110.txt", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2016-10-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: Carry propagating bug in Montgomery multiplication", }, { cve: "CVE-2017-3731", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416852", }, ], notes: [ { category: "description", text: "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Truncated packet could crash via OOB read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3731", }, { category: "external", summary: "RHBZ#1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3731", url: "https://www.cve.org/CVERecord?id=CVE-2017-3731", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Truncated packet could crash via OOB read", }, { cve: "CVE-2017-3732", discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416856", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", title: "Vulnerability description", }, { category: "summary", text: "openssl: BN_mod_exp may produce incorrect results on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3732", }, { category: "external", summary: "RHBZ#1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3732", url: "https://www.cve.org/CVERecord?id=CVE-2017-3732", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: BN_mod_exp may produce incorrect results on x86_64", }, { cve: "CVE-2017-3736", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2017-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1509169", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.", title: "Vulnerability description", }, { category: "summary", text: "openssl: bn_sqrx8x_internal carry bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3736", }, { category: "external", summary: "RHBZ#1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3736", url: "https://www.cve.org/CVERecord?id=CVE-2017-3736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171102.txt", url: "https://www.openssl.org/news/secadv/20171102.txt", }, ], release_date: "2017-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: bn_sqrx8x_internal carry bug on x86_64", }, { cve: "CVE-2017-3737", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523504", }, ], notes: [ { category: "description", text: "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Read/write after SSL object in error state", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3737", }, { category: "external", summary: "RHBZ#1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3737", url: "https://www.cve.org/CVERecord?id=CVE-2017-3737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Read/write after SSL object in error state", }, { cve: "CVE-2017-3738", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523510", }, ], notes: [ { category: "description", text: "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.", title: "Vulnerability description", }, { category: "summary", text: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3738", }, { category: "external", summary: "RHBZ#1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3738", url: "https://www.cve.org/CVERecord?id=CVE-2017-3738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", }, ], }
rhsa-2018:2185
Vulnerability from csaf_redhat
Published
2018-07-12 16:14
Modified
2025-01-09 05:42
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this release as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
This release upgrades OpenSSL to version 1.0.2.n
Security Fix(es):
* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)
* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)
* openssl: certificate message OOB reads (CVE-2016-6306)
* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)
* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* openssl: Read/write after SSL object in error state (CVE-2017-3737)
* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306
and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this release as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 \nand CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2018:2185", url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", }, { category: "external", summary: "1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "JBCS-373", url: "https://issues.redhat.com/browse/JBCS-373", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2185.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update", tracking: { current_release_date: "2025-01-09T05:42:24+00:00", generator: { date: "2025-01-09T05:42:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2018:2185", initial_release_date: "2018-07-12T16:14:46+00:00", revision_history: [ { date: "2018-07-12T16:14:46+00:00", number: "1", summary: "Initial version", }, { date: "2018-07-12T16:14:46+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T05:42:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Core Services on RHEL 7 Server", product: { name: "Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", product_id: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", product_id: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el7?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", product_id: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.43-1.redhat_1.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", product: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", product_id: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-17.jbcs.el7?arch=noarch", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", }, product_reference: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, ], }, vulnerabilities: [ { cve: "CVE-2016-2182", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2016-08-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1367340", }, ], notes: [ { category: "description", text: "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2182", }, { category: "external", summary: "RHBZ#1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2182", url: "https://www.cve.org/CVERecord?id=CVE-2016-2182", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-6302", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-08-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1369855", }, ], notes: [ { category: "description", text: "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Insufficient TLS session ticket HMAC length checks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6302", }, { category: "external", summary: "RHBZ#1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6302", url: "https://www.cve.org/CVERecord?id=CVE-2016-6302", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Insufficient TLS session ticket HMAC length checks", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, { names: [ "Shi Lei", ], organization: "Gear Team of Qihoo 360 Inc.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2016-6306", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-09-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1377594", }, ], notes: [ { category: "description", text: "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL.", title: "Vulnerability description", }, { category: "summary", text: "openssl: certificate message OOB reads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6306", }, { category: "external", summary: "RHBZ#1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6306", url: "https://www.cve.org/CVERecord?id=CVE-2016-6306", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-09-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 1.2, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: certificate message OOB reads", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, ], cve: "CVE-2016-7055", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2016-10-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1393929", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Carry propagating bug in Montgomery multiplication", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-7055", }, { category: "external", summary: "RHBZ#1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-7055", url: "https://www.cve.org/CVERecord?id=CVE-2016-7055", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20161110.txt", url: "https://www.openssl.org/news/secadv/20161110.txt", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2016-10-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: Carry propagating bug in Montgomery multiplication", }, { cve: "CVE-2017-3731", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416852", }, ], notes: [ { category: "description", text: "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Truncated packet could crash via OOB read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3731", }, { category: "external", summary: "RHBZ#1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3731", url: "https://www.cve.org/CVERecord?id=CVE-2017-3731", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Truncated packet could crash via OOB read", }, { cve: "CVE-2017-3732", discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416856", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", title: "Vulnerability description", }, { category: "summary", text: "openssl: BN_mod_exp may produce incorrect results on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3732", }, { category: "external", summary: "RHBZ#1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3732", url: "https://www.cve.org/CVERecord?id=CVE-2017-3732", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: BN_mod_exp may produce incorrect results on x86_64", }, { cve: "CVE-2017-3736", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2017-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1509169", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.", title: "Vulnerability description", }, { category: "summary", text: "openssl: bn_sqrx8x_internal carry bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3736", }, { category: "external", summary: "RHBZ#1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3736", url: "https://www.cve.org/CVERecord?id=CVE-2017-3736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171102.txt", url: "https://www.openssl.org/news/secadv/20171102.txt", }, ], release_date: "2017-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: bn_sqrx8x_internal carry bug on x86_64", }, { cve: "CVE-2017-3737", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523504", }, ], notes: [ { category: "description", text: "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Read/write after SSL object in error state", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3737", }, { category: "external", summary: "RHBZ#1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3737", url: "https://www.cve.org/CVERecord?id=CVE-2017-3737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Read/write after SSL object in error state", }, { cve: "CVE-2017-3738", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523510", }, ], notes: [ { category: "description", text: "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.", title: "Vulnerability description", }, { category: "summary", text: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3738", }, { category: "external", summary: "RHBZ#1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3738", url: "https://www.cve.org/CVERecord?id=CVE-2017-3738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", }, ], }
rhsa-2018_2486
Vulnerability from csaf_redhat
Published
2018-08-16 16:06
Modified
2024-11-22 12:14
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available.
Red Hat Product Security has rated this release as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer
to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
Security Fix(es):
* expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718)
* curl: escape and unescape integer overflows (CVE-2016-7167)
* curl: Cookie injection for other servers (CVE-2016-8615)
* curl: Case insensitive password comparison (CVE-2016-8616)
* curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)
* curl: Double-free in curl_maprintf (CVE-2016-8618)
* curl: Double-free in krb5 code (CVE-2016-8619)
* curl: curl_getdate out-of-bounds read (CVE-2016-8621)
* curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)
* curl: Use-after-free via shared cookies (CVE-2016-8623)
* curl: Invalid URL parsing with '#' (CVE-2016-8624)
* curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)
* libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598)
* pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004)
* pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)
* pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244)
* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245)
* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246)
* curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)
* curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)
* curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500)
Details around this issue, including information about the CVE, severity of
the issue, and the CVSS score can be found on the CVE page listed in the
Reference section below.
The following packages have been upgraded to a newer upstream version:
* Curl (7.57.0)
* OpenSSL (1.0.2n)
* Expat (2.2.5)
* PCRE (8.41)
* libxml2 (2.9.7)
Acknowledgements:
CVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue.
Upstream acknowledges Max Dymond as the original reporter.
CVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter.
CVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available.\n\nRed Hat Product Security has rated this release as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718)\n* curl: escape and unescape integer overflows (CVE-2016-7167)\n* curl: Cookie injection for other servers (CVE-2016-8615)\n* curl: Case insensitive password comparison (CVE-2016-8616)\n* curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)\n* curl: Double-free in curl_maprintf (CVE-2016-8618)\n* curl: Double-free in krb5 code (CVE-2016-8619)\n* curl: curl_getdate out-of-bounds read (CVE-2016-8621)\n* curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)\n* curl: Use-after-free via shared cookies (CVE-2016-8623)\n* curl: Invalid URL parsing with '#' (CVE-2016-8624)\n* curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)\n* libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598)\n* pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004)\n* pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)\n* pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246)\n* curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)\n* curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)\n* curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500)\n\nDetails around this issue, including information about the CVE, severity of\nthe issue, and the CVSS score can be found on the CVE page listed in the\nReference section below.\n\nThe following packages have been upgraded to a newer upstream version:\n* Curl (7.57.0)\n* OpenSSL (1.0.2n)\n* Expat (2.2.5)\n* PCRE (8.41)\n* libxml2 (2.9.7)\n\nAcknowledgements:\n\nCVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue.\nUpstream acknowledges Max Dymond as the original reporter.\nCVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter.\nCVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2018:2486", url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/", }, { category: "external", summary: "1296102", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1296102", }, { category: "external", summary: "1375906", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375906", }, { category: "external", summary: "1388370", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388370", }, { category: "external", summary: "1388371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388371", }, { category: "external", summary: "1388377", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388377", }, { category: "external", summary: "1388378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388378", }, { category: "external", summary: "1388379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388379", }, { category: "external", summary: "1388385", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388385", }, { category: "external", summary: "1388386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388386", }, { category: "external", summary: "1388388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388388", }, { category: "external", summary: "1388390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388390", }, { category: "external", summary: "1388392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388392", }, { category: "external", summary: "1408306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1408306", }, { category: "external", summary: "1425365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1425365", }, { category: "external", summary: "1434504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1434504", }, { category: "external", summary: "1437364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437364", }, { category: "external", summary: "1437367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437367", }, { category: "external", summary: "1437369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437369", }, { category: "external", summary: "1495541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1495541", }, { category: "external", summary: "1503705", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503705", }, { category: "external", summary: "1597101", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1597101", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2486.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", tracking: { current_release_date: "2024-11-22T12:14:14+00:00", generator: { date: "2024-11-22T12:14:14+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2018:2486", initial_release_date: "2018-08-16T16:06:16+00:00", revision_history: [ { date: "2018-08-16T16:06:16+00:00", number: "1", summary: "Initial version", }, { date: "2018-08-16T16:06:16+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T12:14:14+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Core Services 1", product: { name: "Red Hat JBoss Core Services 1", product_id: "Red Hat JBoss Core Services 1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Gustavo Grieco", ], }, ], cve: "CVE-2016-0718", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-01-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1296102", }, ], notes: [ { category: "description", text: "An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.", title: "Vulnerability description", }, { category: "summary", text: "expat: Out-of-bounds heap read on crafted input causing crash", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0718", }, { category: "external", summary: "RHBZ#1296102", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1296102", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0718", url: "https://www.cve.org/CVERecord?id=CVE-2016-0718", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0718", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0718", }, ], release_date: "2016-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "expat: Out-of-bounds heap read on crafted input causing crash", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2016-7167", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2016-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375906", }, ], notes: [ { category: "description", text: "Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions.", title: "Vulnerability description", }, { category: "summary", text: "curl: escape and unescape integer overflows", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-7167", }, { category: "external", summary: "RHBZ#1375906", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375906", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-7167", url: "https://www.cve.org/CVERecord?id=CVE-2016-7167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-7167", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-7167", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20160914.html", url: "https://curl.haxx.se/docs/adv_20160914.html", }, ], release_date: "2016-09-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: escape and unescape integer overflows", }, { cve: "CVE-2016-8615", cwe: { id: "CWE-99", name: "Improper Control of Resource Identifiers ('Resource Injection')", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388370", }, ], notes: [ { category: "description", text: "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", title: "Vulnerability description", }, { category: "summary", text: "curl: Cookie injection for other servers", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8615", }, { category: "external", summary: "RHBZ#1388370", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388370", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8615", url: "https://www.cve.org/CVERecord?id=CVE-2016-8615", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8615", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8615", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102A.html", url: "https://curl.haxx.se/docs/adv_20161102A.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Cookie injection for other servers", }, { cve: "CVE-2016-8616", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388371", }, ], notes: [ { category: "description", text: "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", title: "Vulnerability description", }, { category: "summary", text: "curl: Case insensitive password comparison", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8616", }, { category: "external", summary: "RHBZ#1388371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8616", url: "https://www.cve.org/CVERecord?id=CVE-2016-8616", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8616", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8616", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102B.html", url: "https://curl.haxx.se/docs/adv_20161102B.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: Case insensitive password comparison", }, { cve: "CVE-2016-8617", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388377", }, ], notes: [ { category: "description", text: "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", title: "Vulnerability description", }, { category: "summary", text: "curl: Out-of-bounds write via unchecked multiplication", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8617", }, { category: "external", summary: "RHBZ#1388377", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388377", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8617", url: "https://www.cve.org/CVERecord?id=CVE-2016-8617", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8617", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8617", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102C.html", url: "https://curl.haxx.se/docs/adv_20161102C.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Out-of-bounds write via unchecked multiplication", }, { cve: "CVE-2016-8618", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388378", }, ], notes: [ { category: "description", text: "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", title: "Vulnerability description", }, { category: "summary", text: "curl: Double-free in curl_maprintf", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8618", }, { category: "external", summary: "RHBZ#1388378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388378", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8618", url: "https://www.cve.org/CVERecord?id=CVE-2016-8618", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8618", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8618", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102D.html", url: "https://curl.haxx.se/docs/adv_20161102D.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Double-free in curl_maprintf", }, { cve: "CVE-2016-8619", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388379", }, ], notes: [ { category: "description", text: "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", title: "Vulnerability description", }, { category: "summary", text: "curl: Double-free in krb5 code", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8619", }, { category: "external", summary: "RHBZ#1388379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388379", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8619", url: "https://www.cve.org/CVERecord?id=CVE-2016-8619", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8619", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8619", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102E.html", url: "https://curl.haxx.se/docs/adv_20161102E.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Double-free in krb5 code", }, { cve: "CVE-2016-8621", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388385", }, ], notes: [ { category: "description", text: "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", title: "Vulnerability description", }, { category: "summary", text: "curl: curl_getdate out-of-bounds read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8621", }, { category: "external", summary: "RHBZ#1388385", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388385", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8621", url: "https://www.cve.org/CVERecord?id=CVE-2016-8621", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8621", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8621", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102G.html", url: "https://curl.haxx.se/docs/adv_20161102G.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: curl_getdate out-of-bounds read", }, { cve: "CVE-2016-8622", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388386", }, ], notes: [ { category: "description", text: "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", title: "Vulnerability description", }, { category: "summary", text: "curl: URL unescape heap overflow via integer truncation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8622", }, { category: "external", summary: "RHBZ#1388386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388386", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8622", url: "https://www.cve.org/CVERecord?id=CVE-2016-8622", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8622", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8622", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102H.html", url: "https://curl.haxx.se/docs/adv_20161102H.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: URL unescape heap overflow via integer truncation", }, { cve: "CVE-2016-8623", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388388", }, ], notes: [ { category: "description", text: "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", title: "Vulnerability description", }, { category: "summary", text: "curl: Use-after-free via shared cookies", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8623", }, { category: "external", summary: "RHBZ#1388388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8623", url: "https://www.cve.org/CVERecord?id=CVE-2016-8623", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8623", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8623", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102I.html", url: "https://curl.haxx.se/docs/adv_20161102I.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: Use-after-free via shared cookies", }, { cve: "CVE-2016-8624", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388390", }, ], notes: [ { category: "description", text: "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", title: "Vulnerability description", }, { category: "summary", text: "curl: Invalid URL parsing with '#'", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8624", }, { category: "external", summary: "RHBZ#1388390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8624", url: "https://www.cve.org/CVERecord?id=CVE-2016-8624", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8624", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8624", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102J.html", url: "https://curl.haxx.se/docs/adv_20161102J.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Invalid URL parsing with '#'", }, { cve: "CVE-2016-8625", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388392", }, ], notes: [ { category: "description", text: "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", title: "Vulnerability description", }, { category: "summary", text: "curl: IDNA 2003 makes curl use wrong host", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8625", }, { category: "external", summary: "RHBZ#1388392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8625", url: "https://www.cve.org/CVERecord?id=CVE-2016-8625", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8625", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8625", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102K.html", url: "https://curl.haxx.se/docs/adv_20161102K.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: IDNA 2003 makes curl use wrong host", }, { cve: "CVE-2016-9318", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2016-11-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1395609", }, ], notes: [ { category: "description", text: "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: XML External Entity vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9318", }, { category: "external", summary: "RHBZ#1395609", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1395609", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9318", url: "https://www.cve.org/CVERecord?id=CVE-2016-9318", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9318", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9318", }, ], release_date: "2016-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { category: "workaround", details: "Application parsing untrusted input with libxml2 should be careful to NOT use entity expansion (enabled by XML_PARSE_NOENT) or DTD validation (XML_PARSE_DTDLOAD, XML_PARSE_DTDVALID) on such input.", product_ids: [ "Red Hat JBoss Core Services 1", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: XML External Entity vulnerability", }, { cve: "CVE-2016-9596", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2016-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1408302", }, ], notes: [ { category: "description", text: "libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9596", }, { category: "external", summary: "RHBZ#1408302", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1408302", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9596", url: "https://www.cve.org/CVERecord?id=CVE-2016-9596", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9596", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9596", }, ], release_date: "2016-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)", }, { cve: "CVE-2016-9597", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2016-04-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1408305", }, ], notes: [ { category: "description", text: "It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9597", }, { category: "external", summary: "RHBZ#1408305", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1408305", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9597", url: "https://www.cve.org/CVERecord?id=CVE-2016-9597", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9597", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9597", }, ], release_date: "2016-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)", }, { cve: "CVE-2016-9598", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2016-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1408306", }, ], notes: [ { category: "description", text: "libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9598", }, { category: "external", summary: "RHBZ#1408306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1408306", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9598", url: "https://www.cve.org/CVERecord?id=CVE-2016-9598", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9598", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9598", }, ], release_date: "2016-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)", }, { cve: "CVE-2017-6004", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-02-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1425365", }, ], notes: [ { category: "description", text: "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", title: "Vulnerability description", }, { category: "summary", text: "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-6004", }, { category: "external", summary: "RHBZ#1425365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1425365", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-6004", url: "https://www.cve.org/CVERecord?id=CVE-2017-6004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-6004", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-6004", }, ], release_date: "2017-02-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", }, { cve: "CVE-2017-7186", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2017-03-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1434504", }, ], notes: [ { category: "description", text: "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", title: "Vulnerability description", }, { category: "summary", text: "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7186", }, { category: "external", summary: "RHBZ#1434504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1434504", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7186", url: "https://www.cve.org/CVERecord?id=CVE-2017-7186", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7186", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7186", }, ], release_date: "2017-02-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", }, { cve: "CVE-2017-7244", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2017-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1437364", }, ], notes: [ { category: "description", text: "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", title: "Vulnerability description", }, { category: "summary", text: "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7244", }, { category: "external", summary: "RHBZ#1437364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437364", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7244", url: "https://www.cve.org/CVERecord?id=CVE-2017-7244", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7244", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7244", }, { category: "external", summary: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", url: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", }, ], release_date: "2017-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", }, { cve: "CVE-2017-7245", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2017-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1437367", }, ], notes: [ { category: "description", text: "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", title: "Vulnerability description", }, { category: "summary", text: "pcre: stack-based buffer overflow write in pcre32_copy_substring", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7245", }, { category: "external", summary: "RHBZ#1437367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437367", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7245", url: "https://www.cve.org/CVERecord?id=CVE-2017-7245", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7245", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7245", }, { category: "external", summary: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", url: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", }, ], release_date: "2017-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "pcre: stack-based buffer overflow write in pcre32_copy_substring", }, { cve: "CVE-2017-7246", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2017-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1437369", }, ], notes: [ { category: "description", text: "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", title: "Vulnerability description", }, { category: "summary", text: "pcre: stack-based buffer overflow write in pcre32_copy_substring", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7246", }, { category: "external", summary: "RHBZ#1437369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7246", url: "https://www.cve.org/CVERecord?id=CVE-2017-7246", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7246", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7246", }, { category: "external", summary: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", url: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", }, ], release_date: "2017-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "pcre: stack-based buffer overflow write in pcre32_copy_substring", }, { cve: "CVE-2017-9047", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2017-05-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1452554", }, ], notes: [ { category: "description", text: "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Buffer overflow in function xmlSnprintfElementContent", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-9047", }, { category: "external", summary: "RHBZ#1452554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1452554", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-9047", url: "https://www.cve.org/CVERecord?id=CVE-2017-9047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-9047", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-9047", }, ], release_date: "2017-05-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Buffer overflow in function xmlSnprintfElementContent", }, { cve: "CVE-2017-9048", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, discovery_date: "2017-05-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1452549", }, ], notes: [ { category: "description", text: "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-9048", }, { category: "external", summary: "RHBZ#1452549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1452549", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-9048", url: "https://www.cve.org/CVERecord?id=CVE-2017-9048", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-9048", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-9048", }, ], release_date: "2017-05-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", }, { cve: "CVE-2017-9049", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-05-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1452556", }, ], notes: [ { category: "description", text: "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-9049", }, { category: "external", summary: "RHBZ#1452556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1452556", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-9049", url: "https://www.cve.org/CVERecord?id=CVE-2017-9049", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-9049", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-9049", }, ], release_date: "2017-05-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", }, { cve: "CVE-2017-9050", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-05-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1452553", }, ], notes: [ { category: "description", text: "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer over-read in function xmlDictAddString", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-9050", }, { category: "external", summary: "RHBZ#1452553", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1452553", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-9050", url: "https://www.cve.org/CVERecord?id=CVE-2017-9050", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", }, ], release_date: "2017-05-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer over-read in function xmlDictAddString", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Max Dymond", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-1000254", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-09-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1495541", }, ], notes: [ { category: "description", text: "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", title: "Vulnerability description", }, { category: "summary", text: "curl: FTP PWD response parser out of bounds read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-1000254", }, { category: "external", summary: "RHBZ#1495541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1495541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-1000254", url: "https://www.cve.org/CVERecord?id=CVE-2017-1000254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-1000254", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-1000254", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20171004.html", url: "https://curl.haxx.se/docs/adv_20171004.html", }, ], release_date: "2017-10-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: FTP PWD response parser out of bounds read", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Brian Carpenter", "the OSS-Fuzz project", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-1000257", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503705", }, ], notes: [ { category: "description", text: "A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.", title: "Vulnerability description", }, { category: "summary", text: "curl: IMAP FETCH response out of bounds read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-1000257", }, { category: "external", summary: "RHBZ#1503705", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503705", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-1000257", url: "https://www.cve.org/CVERecord?id=CVE-2017-1000257", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20171023.html", url: "https://curl.haxx.se/docs/adv_20171023.html", }, ], release_date: "2017-10-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { category: "workaround", details: "Switch off IMAP in `CURLOPT_PROTOCOLS`", product_ids: [ "Red Hat JBoss Core Services 1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: IMAP FETCH response out of bounds read", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Peter Wu", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2018-0500", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2018-07-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1597101", }, ], notes: [ { category: "description", text: "A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.", title: "Vulnerability description", }, { category: "summary", text: "curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of curl/libcurl as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the vulnerable code.\n\nThis issue did not affect the versions of curl/libcurl as shipped with Red Hat Software Collections 3 as they did not include the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-0500", }, { category: "external", summary: "RHBZ#1597101", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1597101", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-0500", url: "https://www.cve.org/CVERecord?id=CVE-2018-0500", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-0500", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-0500", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_2018-70a2.html", url: "https://curl.haxx.se/docs/adv_2018-70a2.html", }, ], release_date: "2018-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP", }, ], }
RHSA-2018:2186
Vulnerability from csaf_redhat
Published
2018-07-12 16:14
Modified
2025-01-09 05:42
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this release as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
This release upgrades OpenSSL to version 1.0.2.n
Security Fix(es):
* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)
* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)
* openssl: certificate message OOB reads (CVE-2016-6306)
* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)
* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* openssl: Read/write after SSL object in error state (CVE-2017-3737)
* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306
and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this release as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 \nand CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2018:2186", url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", }, { category: "external", summary: "1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "JBCS-372", url: "https://issues.redhat.com/browse/JBCS-372", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2186.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update", tracking: { current_release_date: "2025-01-09T05:42:17+00:00", generator: { date: "2025-01-09T05:42:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2018:2186", initial_release_date: "2018-07-12T16:14:52+00:00", revision_history: [ { date: "2018-07-12T16:14:52+00:00", number: "1", summary: "Initial version", }, { date: "2018-07-12T16:14:52+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T05:42:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Core Services on RHEL 6 Server", product: { name: "Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", product_id: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", product_id: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", product_id: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", product_id: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el6?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el6?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", product: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", product_id: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", product: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", product_id: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", product: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", product_id: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", product: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", product_id: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", product: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", product_id: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el6?arch=i686", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el6?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el6?arch=i686&epoch=1", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", product_id: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.43-1.redhat_1.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el6?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el6?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el6?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", product: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", product_id: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-17.jbcs.el6?arch=noarch", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el6?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", }, product_reference: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", }, product_reference: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", relates_to_product_reference: "6Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", product_id: "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", }, product_reference: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", relates_to_product_reference: "6Server-JBCS", }, ], }, vulnerabilities: [ { cve: "CVE-2016-2182", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2016-08-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1367340", }, ], notes: [ { category: "description", text: "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2182", }, { category: "external", summary: "RHBZ#1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2182", url: "https://www.cve.org/CVERecord?id=CVE-2016-2182", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-6302", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-08-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1369855", }, ], notes: [ { category: "description", text: "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Insufficient TLS session ticket HMAC length checks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6302", }, { category: "external", summary: "RHBZ#1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6302", url: "https://www.cve.org/CVERecord?id=CVE-2016-6302", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Insufficient TLS session ticket HMAC length checks", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, { names: [ "Shi Lei", ], organization: "Gear Team of Qihoo 360 Inc.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2016-6306", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-09-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1377594", }, ], notes: [ { category: "description", text: "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL.", title: "Vulnerability description", }, { category: "summary", text: "openssl: certificate message OOB reads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6306", }, { category: "external", summary: "RHBZ#1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6306", url: "https://www.cve.org/CVERecord?id=CVE-2016-6306", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-09-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 1.2, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: certificate message OOB reads", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, ], cve: "CVE-2016-7055", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2016-10-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1393929", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Carry propagating bug in Montgomery multiplication", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-7055", }, { category: "external", summary: "RHBZ#1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-7055", url: "https://www.cve.org/CVERecord?id=CVE-2016-7055", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20161110.txt", url: "https://www.openssl.org/news/secadv/20161110.txt", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2016-10-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: Carry propagating bug in Montgomery multiplication", }, { cve: "CVE-2017-3731", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416852", }, ], notes: [ { category: "description", text: "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Truncated packet could crash via OOB read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3731", }, { category: "external", summary: "RHBZ#1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3731", url: "https://www.cve.org/CVERecord?id=CVE-2017-3731", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Truncated packet could crash via OOB read", }, { cve: "CVE-2017-3732", discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416856", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", title: "Vulnerability description", }, { category: "summary", text: "openssl: BN_mod_exp may produce incorrect results on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3732", }, { category: "external", summary: "RHBZ#1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3732", url: "https://www.cve.org/CVERecord?id=CVE-2017-3732", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: BN_mod_exp may produce incorrect results on x86_64", }, { cve: "CVE-2017-3736", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2017-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1509169", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.", title: "Vulnerability description", }, { category: "summary", text: "openssl: bn_sqrx8x_internal carry bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3736", }, { category: "external", summary: "RHBZ#1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3736", url: "https://www.cve.org/CVERecord?id=CVE-2017-3736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171102.txt", url: "https://www.openssl.org/news/secadv/20171102.txt", }, ], release_date: "2017-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: bn_sqrx8x_internal carry bug on x86_64", }, { cve: "CVE-2017-3737", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523504", }, ], notes: [ { category: "description", text: "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Read/write after SSL object in error state", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3737", }, { category: "external", summary: "RHBZ#1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3737", url: "https://www.cve.org/CVERecord?id=CVE-2017-3737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Read/write after SSL object in error state", }, { cve: "CVE-2017-3738", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523510", }, ], notes: [ { category: "description", text: "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.", title: "Vulnerability description", }, { category: "summary", text: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3738", }, { category: "external", summary: "RHBZ#1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3738", url: "https://www.cve.org/CVERecord?id=CVE-2017-3738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:52+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2186", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", }, ], }
RHSA-2018:2486
Vulnerability from csaf_redhat
Published
2018-08-16 16:06
Modified
2025-01-09 05:42
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available.
Red Hat Product Security has rated this release as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer
to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
Security Fix(es):
* expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718)
* curl: escape and unescape integer overflows (CVE-2016-7167)
* curl: Cookie injection for other servers (CVE-2016-8615)
* curl: Case insensitive password comparison (CVE-2016-8616)
* curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)
* curl: Double-free in curl_maprintf (CVE-2016-8618)
* curl: Double-free in krb5 code (CVE-2016-8619)
* curl: curl_getdate out-of-bounds read (CVE-2016-8621)
* curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)
* curl: Use-after-free via shared cookies (CVE-2016-8623)
* curl: Invalid URL parsing with '#' (CVE-2016-8624)
* curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)
* libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598)
* pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004)
* pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)
* pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244)
* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245)
* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246)
* curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)
* curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)
* curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500)
Details around this issue, including information about the CVE, severity of
the issue, and the CVSS score can be found on the CVE page listed in the
Reference section below.
The following packages have been upgraded to a newer upstream version:
* Curl (7.57.0)
* OpenSSL (1.0.2n)
* Expat (2.2.5)
* PCRE (8.41)
* libxml2 (2.9.7)
Acknowledgements:
CVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue.
Upstream acknowledges Max Dymond as the original reporter.
CVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter.
CVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available.\n\nRed Hat Product Security has rated this release as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718)\n* curl: escape and unescape integer overflows (CVE-2016-7167)\n* curl: Cookie injection for other servers (CVE-2016-8615)\n* curl: Case insensitive password comparison (CVE-2016-8616)\n* curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)\n* curl: Double-free in curl_maprintf (CVE-2016-8618)\n* curl: Double-free in krb5 code (CVE-2016-8619)\n* curl: curl_getdate out-of-bounds read (CVE-2016-8621)\n* curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)\n* curl: Use-after-free via shared cookies (CVE-2016-8623)\n* curl: Invalid URL parsing with '#' (CVE-2016-8624)\n* curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)\n* libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598)\n* pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004)\n* pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)\n* pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246)\n* curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)\n* curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)\n* curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500)\n\nDetails around this issue, including information about the CVE, severity of\nthe issue, and the CVSS score can be found on the CVE page listed in the\nReference section below.\n\nThe following packages have been upgraded to a newer upstream version:\n* Curl (7.57.0)\n* OpenSSL (1.0.2n)\n* Expat (2.2.5)\n* PCRE (8.41)\n* libxml2 (2.9.7)\n\nAcknowledgements:\n\nCVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue.\nUpstream acknowledges Max Dymond as the original reporter.\nCVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter.\nCVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2018:2486", url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/", }, { category: "external", summary: "1296102", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1296102", }, { category: "external", summary: "1375906", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375906", }, { category: "external", summary: "1388370", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388370", }, { category: "external", summary: "1388371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388371", }, { category: "external", summary: "1388377", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388377", }, { category: "external", summary: "1388378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388378", }, { category: "external", summary: "1388379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388379", }, { category: "external", summary: "1388385", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388385", }, { category: "external", summary: "1388386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388386", }, { category: "external", summary: "1388388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388388", }, { category: "external", summary: "1388390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388390", }, { category: "external", summary: "1388392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388392", }, { category: "external", summary: "1408306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1408306", }, { category: "external", summary: "1425365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1425365", }, { category: "external", summary: "1434504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1434504", }, { category: "external", summary: "1437364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437364", }, { category: "external", summary: "1437367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437367", }, { category: "external", summary: "1437369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437369", }, { category: "external", summary: "1495541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1495541", }, { category: "external", summary: "1503705", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503705", }, { category: "external", summary: "1597101", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1597101", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2486.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", tracking: { current_release_date: "2025-01-09T05:42:49+00:00", generator: { date: "2025-01-09T05:42:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2018:2486", initial_release_date: "2018-08-16T16:06:16+00:00", revision_history: [ { date: "2018-08-16T16:06:16+00:00", number: "1", summary: "Initial version", }, { date: "2018-08-16T16:06:16+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T05:42:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Text-Only JBCS", product: { name: "Text-Only JBCS", product_id: "Text-Only JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Gustavo Grieco", ], }, ], cve: "CVE-2016-0718", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-01-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1296102", }, ], notes: [ { category: "description", text: "An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.", title: "Vulnerability description", }, { category: "summary", text: "expat: Out-of-bounds heap read on crafted input causing crash", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-0718", }, { category: "external", summary: "RHBZ#1296102", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1296102", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-0718", url: "https://www.cve.org/CVERecord?id=CVE-2016-0718", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0718", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0718", }, ], release_date: "2016-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "expat: Out-of-bounds heap read on crafted input causing crash", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-5131", discovery_date: "2016-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1358641", }, ], notes: [ { category: "description", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Use after free triggered by XPointer paths beginning with range-to", title: "Vulnerability summary", }, { category: "other", text: "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "RHBZ#1358641", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-5131", url: "https://www.cve.org/CVERecord?id=CVE-2016-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", }, { category: "external", summary: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", url: "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", }, ], release_date: "2016-07-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libxml2: Use after free triggered by XPointer paths beginning with range-to", }, { cve: "CVE-2016-7167", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2016-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375906", }, ], notes: [ { category: "description", text: "Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions.", title: "Vulnerability description", }, { category: "summary", text: "curl: escape and unescape integer overflows", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-7167", }, { category: "external", summary: "RHBZ#1375906", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375906", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-7167", url: "https://www.cve.org/CVERecord?id=CVE-2016-7167", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-7167", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-7167", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20160914.html", url: "https://curl.haxx.se/docs/adv_20160914.html", }, ], release_date: "2016-09-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: escape and unescape integer overflows", }, { cve: "CVE-2016-8615", cwe: { id: "CWE-99", name: "Improper Control of Resource Identifiers ('Resource Injection')", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388370", }, ], notes: [ { category: "description", text: "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", title: "Vulnerability description", }, { category: "summary", text: "curl: Cookie injection for other servers", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8615", }, { category: "external", summary: "RHBZ#1388370", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388370", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8615", url: "https://www.cve.org/CVERecord?id=CVE-2016-8615", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8615", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8615", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102A.html", url: "https://curl.haxx.se/docs/adv_20161102A.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Cookie injection for other servers", }, { cve: "CVE-2016-8616", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388371", }, ], notes: [ { category: "description", text: "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", title: "Vulnerability description", }, { category: "summary", text: "curl: Case insensitive password comparison", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8616", }, { category: "external", summary: "RHBZ#1388371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8616", url: "https://www.cve.org/CVERecord?id=CVE-2016-8616", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8616", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8616", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102B.html", url: "https://curl.haxx.se/docs/adv_20161102B.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: Case insensitive password comparison", }, { cve: "CVE-2016-8617", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388377", }, ], notes: [ { category: "description", text: "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", title: "Vulnerability description", }, { category: "summary", text: "curl: Out-of-bounds write via unchecked multiplication", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8617", }, { category: "external", summary: "RHBZ#1388377", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388377", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8617", url: "https://www.cve.org/CVERecord?id=CVE-2016-8617", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8617", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8617", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102C.html", url: "https://curl.haxx.se/docs/adv_20161102C.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Out-of-bounds write via unchecked multiplication", }, { cve: "CVE-2016-8618", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388378", }, ], notes: [ { category: "description", text: "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", title: "Vulnerability description", }, { category: "summary", text: "curl: Double-free in curl_maprintf", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8618", }, { category: "external", summary: "RHBZ#1388378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388378", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8618", url: "https://www.cve.org/CVERecord?id=CVE-2016-8618", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8618", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8618", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102D.html", url: "https://curl.haxx.se/docs/adv_20161102D.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Double-free in curl_maprintf", }, { cve: "CVE-2016-8619", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388379", }, ], notes: [ { category: "description", text: "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", title: "Vulnerability description", }, { category: "summary", text: "curl: Double-free in krb5 code", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8619", }, { category: "external", summary: "RHBZ#1388379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388379", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8619", url: "https://www.cve.org/CVERecord?id=CVE-2016-8619", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8619", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8619", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102E.html", url: "https://curl.haxx.se/docs/adv_20161102E.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Double-free in krb5 code", }, { cve: "CVE-2016-8621", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388385", }, ], notes: [ { category: "description", text: "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", title: "Vulnerability description", }, { category: "summary", text: "curl: curl_getdate out-of-bounds read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8621", }, { category: "external", summary: "RHBZ#1388385", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388385", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8621", url: "https://www.cve.org/CVERecord?id=CVE-2016-8621", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8621", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8621", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102G.html", url: "https://curl.haxx.se/docs/adv_20161102G.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: curl_getdate out-of-bounds read", }, { cve: "CVE-2016-8622", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388386", }, ], notes: [ { category: "description", text: "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", title: "Vulnerability description", }, { category: "summary", text: "curl: URL unescape heap overflow via integer truncation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8622", }, { category: "external", summary: "RHBZ#1388386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388386", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8622", url: "https://www.cve.org/CVERecord?id=CVE-2016-8622", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8622", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8622", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102H.html", url: "https://curl.haxx.se/docs/adv_20161102H.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: URL unescape heap overflow via integer truncation", }, { cve: "CVE-2016-8623", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388388", }, ], notes: [ { category: "description", text: "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", title: "Vulnerability description", }, { category: "summary", text: "curl: Use-after-free via shared cookies", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8623", }, { category: "external", summary: "RHBZ#1388388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8623", url: "https://www.cve.org/CVERecord?id=CVE-2016-8623", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8623", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8623", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102I.html", url: "https://curl.haxx.se/docs/adv_20161102I.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: Use-after-free via shared cookies", }, { cve: "CVE-2016-8624", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388390", }, ], notes: [ { category: "description", text: "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", title: "Vulnerability description", }, { category: "summary", text: "curl: Invalid URL parsing with '#'", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8624", }, { category: "external", summary: "RHBZ#1388390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8624", url: "https://www.cve.org/CVERecord?id=CVE-2016-8624", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8624", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8624", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102J.html", url: "https://curl.haxx.se/docs/adv_20161102J.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Invalid URL parsing with '#'", }, { cve: "CVE-2016-8625", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2016-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1388392", }, ], notes: [ { category: "description", text: "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", title: "Vulnerability description", }, { category: "summary", text: "curl: IDNA 2003 makes curl use wrong host", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8625", }, { category: "external", summary: "RHBZ#1388392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1388392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8625", url: "https://www.cve.org/CVERecord?id=CVE-2016-8625", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8625", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8625", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20161102K.html", url: "https://curl.haxx.se/docs/adv_20161102K.html", }, ], release_date: "2016-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: IDNA 2003 makes curl use wrong host", }, { cve: "CVE-2016-9318", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2016-11-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1395609", }, ], notes: [ { category: "description", text: "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: XML External Entity vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9318", }, { category: "external", summary: "RHBZ#1395609", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1395609", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9318", url: "https://www.cve.org/CVERecord?id=CVE-2016-9318", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9318", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9318", }, ], release_date: "2016-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { category: "workaround", details: "Application parsing untrusted input with libxml2 should be careful to NOT use entity expansion (enabled by XML_PARSE_NOENT) or DTD validation (XML_PARSE_DTDLOAD, XML_PARSE_DTDVALID) on such input.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: XML External Entity vulnerability", }, { cve: "CVE-2016-9596", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2016-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1408302", }, ], notes: [ { category: "description", text: "libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9596", }, { category: "external", summary: "RHBZ#1408302", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1408302", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9596", url: "https://www.cve.org/CVERecord?id=CVE-2016-9596", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9596", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9596", }, ], release_date: "2016-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)", }, { cve: "CVE-2016-9597", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2016-04-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1408305", }, ], notes: [ { category: "description", text: "It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9597", }, { category: "external", summary: "RHBZ#1408305", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1408305", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9597", url: "https://www.cve.org/CVERecord?id=CVE-2016-9597", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9597", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9597", }, ], release_date: "2016-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)", }, { cve: "CVE-2016-9598", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2016-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1408306", }, ], notes: [ { category: "description", text: "libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9598", }, { category: "external", summary: "RHBZ#1408306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1408306", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9598", url: "https://www.cve.org/CVERecord?id=CVE-2016-9598", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9598", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9598", }, ], release_date: "2016-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)", }, { cve: "CVE-2017-6004", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-02-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1425365", }, ], notes: [ { category: "description", text: "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", title: "Vulnerability description", }, { category: "summary", text: "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-6004", }, { category: "external", summary: "RHBZ#1425365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1425365", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-6004", url: "https://www.cve.org/CVERecord?id=CVE-2017-6004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-6004", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-6004", }, ], release_date: "2017-02-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", }, { cve: "CVE-2017-7186", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2017-03-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1434504", }, ], notes: [ { category: "description", text: "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", title: "Vulnerability description", }, { category: "summary", text: "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7186", }, { category: "external", summary: "RHBZ#1434504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1434504", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7186", url: "https://www.cve.org/CVERecord?id=CVE-2017-7186", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7186", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7186", }, ], release_date: "2017-02-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", }, { cve: "CVE-2017-7244", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2017-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1437364", }, ], notes: [ { category: "description", text: "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", title: "Vulnerability description", }, { category: "summary", text: "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7244", }, { category: "external", summary: "RHBZ#1437364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437364", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7244", url: "https://www.cve.org/CVERecord?id=CVE-2017-7244", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7244", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7244", }, { category: "external", summary: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", url: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", }, ], release_date: "2017-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", }, { cve: "CVE-2017-7245", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2017-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1437367", }, ], notes: [ { category: "description", text: "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", title: "Vulnerability description", }, { category: "summary", text: "pcre: stack-based buffer overflow write in pcre32_copy_substring", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7245", }, { category: "external", summary: "RHBZ#1437367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437367", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7245", url: "https://www.cve.org/CVERecord?id=CVE-2017-7245", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7245", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7245", }, { category: "external", summary: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", url: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", }, ], release_date: "2017-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "pcre: stack-based buffer overflow write in pcre32_copy_substring", }, { cve: "CVE-2017-7246", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2017-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1437369", }, ], notes: [ { category: "description", text: "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", title: "Vulnerability description", }, { category: "summary", text: "pcre: stack-based buffer overflow write in pcre32_copy_substring", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7246", }, { category: "external", summary: "RHBZ#1437369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1437369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7246", url: "https://www.cve.org/CVERecord?id=CVE-2017-7246", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7246", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7246", }, { category: "external", summary: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", url: "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", }, ], release_date: "2017-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "pcre: stack-based buffer overflow write in pcre32_copy_substring", }, { cve: "CVE-2017-9047", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2017-05-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1452554", }, ], notes: [ { category: "description", text: "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Buffer overflow in function xmlSnprintfElementContent", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-9047", }, { category: "external", summary: "RHBZ#1452554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1452554", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-9047", url: "https://www.cve.org/CVERecord?id=CVE-2017-9047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-9047", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-9047", }, ], release_date: "2017-05-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Buffer overflow in function xmlSnprintfElementContent", }, { cve: "CVE-2017-9048", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, discovery_date: "2017-05-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1452549", }, ], notes: [ { category: "description", text: "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-9048", }, { category: "external", summary: "RHBZ#1452549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1452549", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-9048", url: "https://www.cve.org/CVERecord?id=CVE-2017-9048", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-9048", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-9048", }, ], release_date: "2017-05-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", }, { cve: "CVE-2017-9049", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-05-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1452556", }, ], notes: [ { category: "description", text: "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-9049", }, { category: "external", summary: "RHBZ#1452556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1452556", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-9049", url: "https://www.cve.org/CVERecord?id=CVE-2017-9049", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-9049", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-9049", }, ], release_date: "2017-05-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", }, { cve: "CVE-2017-9050", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-05-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1452553", }, ], notes: [ { category: "description", text: "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Heap-based buffer over-read in function xmlDictAddString", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-9050", }, { category: "external", summary: "RHBZ#1452553", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1452553", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-9050", url: "https://www.cve.org/CVERecord?id=CVE-2017-9050", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", }, ], release_date: "2017-05-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Heap-based buffer over-read in function xmlDictAddString", }, { cve: "CVE-2017-18258", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2018-04-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1566749", }, ], notes: [ { category: "description", text: "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-18258", }, { category: "external", summary: "RHBZ#1566749", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-18258", url: "https://www.cve.org/CVERecord?id=CVE-2017-18258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", }, ], release_date: "2017-09-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Max Dymond", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-1000254", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-09-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1495541", }, ], notes: [ { category: "description", text: "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", title: "Vulnerability description", }, { category: "summary", text: "curl: FTP PWD response parser out of bounds read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-1000254", }, { category: "external", summary: "RHBZ#1495541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1495541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-1000254", url: "https://www.cve.org/CVERecord?id=CVE-2017-1000254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-1000254", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-1000254", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20171004.html", url: "https://curl.haxx.se/docs/adv_20171004.html", }, ], release_date: "2017-10-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: FTP PWD response parser out of bounds read", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Brian Carpenter", "the OSS-Fuzz project", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-1000257", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503705", }, ], notes: [ { category: "description", text: "A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.", title: "Vulnerability description", }, { category: "summary", text: "curl: IMAP FETCH response out of bounds read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-1000257", }, { category: "external", summary: "RHBZ#1503705", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503705", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-1000257", url: "https://www.cve.org/CVERecord?id=CVE-2017-1000257", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_20171023.html", url: "https://curl.haxx.se/docs/adv_20171023.html", }, ], release_date: "2017-10-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, { category: "workaround", details: "Switch off IMAP in `CURLOPT_PROTOCOLS`", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: IMAP FETCH response out of bounds read", }, { acknowledgments: [ { names: [ "the Curl project", ], }, { names: [ "Peter Wu", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2018-0500", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2018-07-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1597101", }, ], notes: [ { category: "description", text: "A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.", title: "Vulnerability description", }, { category: "summary", text: "curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of curl/libcurl as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the vulnerable code.\n\nThis issue did not affect the versions of curl/libcurl as shipped with Red Hat Software Collections 3 as they did not include the vulnerable code.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-0500", }, { category: "external", summary: "RHBZ#1597101", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1597101", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-0500", url: "https://www.cve.org/CVERecord?id=CVE-2018-0500", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-0500", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-0500", }, { category: "external", summary: "https://curl.haxx.se/docs/adv_2018-70a2.html", url: "https://curl.haxx.se/docs/adv_2018-70a2.html", }, ], release_date: "2018-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-08-16T16:06:16+00:00", details: "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2486", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP", }, ], }
gsd-2016-4975
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
Aliases
Aliases
{ GSD: { alias: "CVE-2016-4975", description: "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).", id: "GSD-2016-4975", references: [ "https://www.suse.com/security/cve/CVE-2016-4975.html", "https://access.redhat.com/errata/RHSA-2018:2486", "https://access.redhat.com/errata/RHSA-2018:2186", "https://access.redhat.com/errata/RHSA-2018:2185", "https://access.redhat.com/errata/RHSA-2017:0906", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2016-4975", ], details: "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).", id: "GSD-2016-4975", modified: "2023-12-13T01:21:19.045552Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@apache.org", DATE_PUBLIC: "2018-08-14", ID: "CVE-2016-4975", STATE: "PUBLIC", TITLE: "mod_userdir CRLF injection", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache HTTP Server", version: { version_data: [ { version_value: "Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23)", }, { version_value: "Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "The issue was discovered by Sergey Bobrov", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).", }, ], }, impact: [ { lang: "eng", url: "https://httpd.apache.org/security/impact_levels.html#moderate", value: "moderate", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "(undefined)", }, ], }, ], }, references: { reference_data: [ { name: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", refsource: "CONFIRM", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { name: "https://security.netapp.com/advisory/ntap-20180926-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180926-0006/", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", }, { name: "105093", refsource: "BID", url: "http://www.securityfocus.com/bid/105093", }, { name: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", refsource: "CONFIRM", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2016-4975", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-93", }, ], }, ], }, references: { reference_data: [ { name: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, { name: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { name: "105093", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105093", }, { name: "https://security.netapp.com/advisory/ntap-20180926-0006/", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20180926-0006/", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", refsource: "CONFIRM", tags: [], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, }, }, lastModifiedDate: "2021-06-06T11:15Z", publishedDate: "2018-08-14T12:29Z", }, }, }
fkie_cve-2016-4975
Vulnerability from fkie_nvd
Published
2018-08-14 12:29
Modified
2024-11-21 02:53
Severity ?
Summary
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "67AD11FB-529C-404E-A13B-284F145322B8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "CCBBB7FE-35FC-4515-8393-5145339FCE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "F519633F-AB68-495A-B85E-FD41F9F752CA", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*", matchCriteriaId: "34A847D1-5AD5-4EFD-B165-7602AFC1E656", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "9AF3A0F5-4E5C-4278-9927-1F94F25CCAFC", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", matchCriteriaId: "AB63EBE5-CF14-491E-ABA5-67116DFE3E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", matchCriteriaId: "8C2A33DE-F55F-4FD8-BB00-9C1E006CA65C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", matchCriteriaId: "B1CF6394-95D9-42AF-A442-385EFF9CEFE1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*", matchCriteriaId: "02B629FB-88C8-4E85-A137-28770F1E524E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*", matchCriteriaId: "03550EF0-DF89-42FE-BF0E-994514EBD947", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", matchCriteriaId: "4886CCAB-6D4E-45C7-B177-2E8DBEA15531", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*", matchCriteriaId: "C35631AC-7C35-4F6A-A95A-3B080E5210ED", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*", matchCriteriaId: "6CED2BA6-BE5E-4EF1-88EB-0DADD23D2EEF", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*", matchCriteriaId: "A71F4154-AD20-4EEA-9E2E-D3385C357DA5", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*", matchCriteriaId: "B0B8C9DB-401E-42B3-BAED-D09A96DE9A90", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*", matchCriteriaId: "062C20A0-05A0-4164-8330-DF6ADFE607F4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*", matchCriteriaId: "D345BA35-93BB-406F-B5DC-86E49FB29C22", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*", matchCriteriaId: "7ED4892F-C829-4BEA-AB82-6A78F6F2426D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*", matchCriteriaId: "00128AAD-E746-4DCD-8676-1381E5232220", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*", matchCriteriaId: "FE0D7ABB-DE11-40D6-8AAF-C626DD7E3914", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*", matchCriteriaId: "5252544F-7BDD-42EE-856E-B351B4B6D381", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*", matchCriteriaId: "58375DE5-F7EC-400D-84A2-CD70B72C4F63", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*", matchCriteriaId: "15233815-C037-41BB-A447-A078F83A93F6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*", matchCriteriaId: "5444C583-CF83-4ECD-8DF8-66D8C1FCF096", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*", matchCriteriaId: "6C306D07-9DF3-4AD1-9984-ECA094D0F50E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*", matchCriteriaId: "513A1C46-80FF-489C-AD31-F8F790C6D6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", matchCriteriaId: "046487A3-752B-4D0F-8984-96486B828EAB", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", matchCriteriaId: "89D2E052-51CD-4B57-A8B8-FAE51988D654", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", matchCriteriaId: "EAA27058-BACF-4F94-8E3C-7D38EC302EC1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", matchCriteriaId: "8FEAB0DF-04A9-4F99-8666-0BADC5D642B8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", matchCriteriaId: "E7D924D1-8A36-4C43-9E56-52814F9A6350", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", matchCriteriaId: "39CDFECC-E26D-47E0-976F-6629040B3764", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", matchCriteriaId: "E3ECBCB1-0675-41F5-857B-438F36925F63", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", matchCriteriaId: "CB6CBFBF-74F6-42AF-BC79-AA53EA75F00B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", matchCriteriaId: "8717A96B-9DB5-48D6-A2CF-A5E2B26AF3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", matchCriteriaId: "E1F45B27-504B-4202-87B8-BD3B094003F1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", matchCriteriaId: "F2FB2B98-DFD2-420A-8A7F-9B288651242F", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", matchCriteriaId: "B803D25B-0A19-4569-BA05-09D58F33917C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", matchCriteriaId: "8510442C-212F-4013-85FA-E0AB59F6F2C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).", }, { lang: "es", value: "Posible inyección CRLF que permite ataques de separación de respuesta HTTP para los sitios que emplean mod_userdir. Este problema fue mitigado gracias a los cambios realizados en las versiones 2.4.25 y 2.2.32, que prohíben la inyección CR o LF en \"Location\" o en otro tipo de clave o valor de cabecera saliente. Esto se ha solucionado en Apache HTTP Server 2.4.25 (2.4.1-2.4.23 afectadas). Esto se ha solucionado en Apache HTTP Server 2.2.32 (2.2.0-2.2.31 afectadas).", }, ], id: "CVE-2016-4975", lastModified: "2024-11-21T02:53:20.620", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-14T12:29:00.220", references: [ { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105093", }, { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20180926-0006/", }, { source: "security@apache.org", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105093", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20180926-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-93", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-crcg-r773-w4rv
Vulnerability from github
Published
2022-05-13 01:09
Modified
2022-05-13 01:09
Severity ?
Details
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
{ affected: [], aliases: [ "CVE-2016-4975", ], database_specific: { cwe_ids: [ "CWE-93", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2018-08-14T12:29:00Z", severity: "MODERATE", }, details: "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).", id: "GHSA-crcg-r773-w4rv", modified: "2022-05-13T01:09:44Z", published: "2022-05-13T01:09:44Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { type: "WEB", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", }, { type: "WEB", url: "https://security.netapp.com/advisory/ntap-20180926-0006", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, { type: "WEB", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { type: "WEB", url: "http://www.securityfocus.com/bid/105093", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", type: "CVSS_V3", }, ], }
var-201808-0004
Vulnerability from variot
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0004", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.10", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.6", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.4", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.16", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.20", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.17", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.9", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.18", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.12", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.23", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.19", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.0", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.4.2", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.4.7", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.11", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.2", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.8", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.4.1", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.4.3", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.14", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.9", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.12", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.23", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.31", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.27", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.25", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.4", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.20", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.22", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.18", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.16", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.13", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.3", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.21", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.29", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.6", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.15", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.26", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.17", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.10", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.24", }, { model: "webotx", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "hitachi it operations director", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/integrated management", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus developer", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/service support", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "istorage", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "ucosminexus service architect", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "hitachi application server", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/operations analytics", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/it desktop management - manager", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/it desktop management", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus primary server", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "simpwright", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "spoolserverシリーズ", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "ucosminexus developer light", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "job management partner 1/it desktop management", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "cosminexus http server", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "mailshooter", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "ucosminexus developer standard", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus application server standard", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus application server enterprise", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "csview", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "job management partner 1/performance management - web console", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/automatic job management system 3", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "hitachi application server for developers", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus service platform", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "http server", scope: null, trust: 0.8, vendor: "apache", version: null, }, { model: "job management partner 1/it desktop management - manager", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus application server smart edition", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "job management partner 1/integrated management", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus application server", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/automatic operation", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/performance management", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "hitachi web server", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.23", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.20", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.18", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.17", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.16", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.12", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.10", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.31", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.27", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.26", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.25", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.24", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.23", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.15", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.14", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.13", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.12", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.11", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.10", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.9", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.8", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.6", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.5", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.4", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.3", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.2", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.9", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.7", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.6", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.3", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.2", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.1", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.29", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.22", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.21", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.20", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.19", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.18", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.17", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.16", }, { model: "apache", scope: "ne", trust: 0.3, vendor: "apache", version: "2.4.25", }, { model: "apache", scope: "ne", trust: 0.3, vendor: "apache", version: "2.2.32", }, ], sources: [ { db: "BID", id: "105093", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "CNNVD", id: "CNNVD-201808-445", }, { db: "NVD", id: "CVE-2016-4975", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Sergey Bobrov", sources: [ { db: "BID", id: "105093", }, ], trust: 0.3, }, cve: "CVE-2016-4975", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2016-4975", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "VENDOR", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2016-008607", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2016-4975", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "High", attackVector: "Network", author: "VENDOR", availabilityImpact: "None", baseScore: 4, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2016-008607", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-4975", trust: 1, value: "MEDIUM", }, { author: "VENDOR", id: "JVNDB-2016-008607", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201808-445", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2016-4975", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2016-4975", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "CNNVD", id: "CNNVD-201808-445", }, { db: "NVD", id: "CVE-2016-4975", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). \nAttackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust", sources: [ { db: "NVD", id: "CVE-2016-4975", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "BID", id: "105093", }, { db: "VULMON", id: "CVE-2016-4975", }, ], trust: 1.98, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-4975", trust: 3.6, }, { db: "BID", id: "105093", trust: 1.9, }, { db: "JVN", id: "JVNVU99304449", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2016-008607", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2019.1415", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201808-445", trust: 0.6, }, { db: "VULMON", id: "CVE-2016-4975", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2016-4975", }, { db: "BID", id: "105093", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "CNNVD", id: "CNNVD-201808-445", }, { db: "NVD", id: "CVE-2016-4975", }, ], }, id: "VAR-201808-0004", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.206875005, }, last_update_date: "2024-11-23T20:51:26.283000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "hitachi-sec-2018-103", trust: 0.8, url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743", }, { title: "Apache HTTP Server Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83901", }, { title: "Red Hat: CVE-2016-4975", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-4975", }, { title: "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182186 - Security Advisory", }, { title: "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182185 - Security Advisory", }, { title: "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=38227211accce022b0a3d9b56a974186", }, { title: "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182486 - Security Advisory", }, { title: "", trust: 0.1, url: "https://github.com/tom-riddle0/CRLF ", }, { title: "Pentest-Cheetsheet", trust: 0.1, url: "https://github.com/MrFrozenPepe/Pentest-Cheetsheet ", }, { title: "DC-3-Vulnhub-Walkthrough", trust: 0.1, url: "https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough ", }, { title: "DC-2-Vulnhub-Walkthrough", trust: 0.1, url: "https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough ", }, { title: "DC-1-Vulnhub-Walkthrough", trust: 0.1, url: "https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough ", }, { title: "", trust: 0.1, url: "https://github.com/hrbrmstr/internetdb ", }, { title: "", trust: 0.1, url: "https://github.com/SecureAxom/strike ", }, { title: "", trust: 0.1, url: "https://github.com/imhunterand/hackerone-publicy-disclosed ", }, { title: "Basic-Pentesting-2-Vulnhub-Walkthrough", trust: 0.1, url: "https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough ", }, { title: "", trust: 0.1, url: "https://github.com/bioly230/THM_Skynet ", }, { title: "Basic-Pentesting-2", trust: 0.1, url: "https://github.com/vshaliii/Basic-Pentesting-2 ", }, { title: "", trust: 0.1, url: "https://github.com/NikulinMS/13-01-hw ", }, ], sources: [ { db: "VULMON", id: "CVE-2016-4975", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "CNNVD", id: "CNNVD-201808-445", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-93", trust: 1, }, { problemtype: "Data processing (CWE-19) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "NVD", id: "CVE-2016-4975", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03908en_us", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20180926-0006/", }, { trust: 1.6, url: "http://www.securityfocus.com/bid/105093", }, { trust: 1.3, url: "https://httpd.apache.org/security/vulnerabilities_24.html#cve-2016-4975", }, { trust: 1, url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://httpd.apache.org/security/vulnerabilities_22.html#cve-2016-4975", }, { trust: 1, url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu99304449/index.html", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2016-8743", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4975", }, { trust: 0.6, url: "httpd.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.", }, { trust: 0.6, url: "httpd.apache.org/security/vulnerabilities_22.html#cve-2016-4975", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.", }, { trust: 0.6, url: "httpd.apache.org/security/vulnerabilities_24.html#cve-2016-4975", }, { trust: 0.6, url: "http://www.ibm.com/support/docview.wss?uid=ibm10715641", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/79678", }, { trust: 0.3, url: "http://www.apache.org/", }, ], sources: [ { db: "BID", id: "105093", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "CNNVD", id: "CNNVD-201808-445", }, { db: "NVD", id: "CVE-2016-4975", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2016-4975", }, { db: "BID", id: "105093", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "CNNVD", id: "CNNVD-201808-445", }, { db: "NVD", id: "CVE-2016-4975", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-08-14T00:00:00", db: "VULMON", id: "CVE-2016-4975", }, { date: "2018-08-14T00:00:00", db: "BID", id: "105093", }, { date: "2017-06-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-008607", }, { date: "2018-08-14T00:00:00", db: "CNNVD", id: "CNNVD-201808-445", }, { date: "2018-08-14T12:29:00.220000", db: "NVD", id: "CVE-2016-4975", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2016-4975", }, { date: "2018-08-14T00:00:00", db: "BID", id: "105093", }, { date: "2023-06-29T00:58:00", db: "JVNDB", id: "JVNDB-2016-008607", }, { date: "2021-06-07T00:00:00", db: "CNNVD", id: "CNNVD-201808-445", }, { date: "2024-11-21T02:53:20.620000", db: "NVD", id: "CVE-2016-4975", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201808-445", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cosminexus HTTP Server and Hitachi Web Server Vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2016-008607", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "injection", sources: [ { db: "CNNVD", id: "CNNVD-201808-445", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.