rhsa-2018_2187
Vulnerability from csaf_redhat
Published
2018-07-12 16:04
Modified
2024-11-22 11:16
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update

Notes

Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. This release upgrades OpenSSL to version 1.0.2.n Security Fix(es): * openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182) * openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302) * openssl: certificate message OOB reads (CVE-2016-6306) * openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055) * openssl: Truncated packet could crash via OOB read (CVE-2017-3731) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available.\n\nRed Hat Product Security has rated this release as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n*  openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)\n\n*  openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)\n\n*  openssl: certificate message OOB reads (CVE-2016-6306)\n\n*  openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)\n\n*  openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n*  openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n*  openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n*  openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n*  openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306\nand CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360\nInc.) as the original reporter of CVE-2016-6306.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:2187",
        "url": "https://access.redhat.com/errata/RHSA-2018:2187"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/"
      },
      {
        "category": "external",
        "summary": "1367340",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367340"
      },
      {
        "category": "external",
        "summary": "1369855",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369855"
      },
      {
        "category": "external",
        "summary": "1377594",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377594"
      },
      {
        "category": "external",
        "summary": "1393929",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393929"
      },
      {
        "category": "external",
        "summary": "1416852",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416852"
      },
      {
        "category": "external",
        "summary": "1416856",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416856"
      },
      {
        "category": "external",
        "summary": "1509169",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509169"
      },
      {
        "category": "external",
        "summary": "1523504",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523504"
      },
      {
        "category": "external",
        "summary": "1523510",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523510"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2187.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
    "tracking": {
      "current_release_date": "2024-11-22T11:16:15+00:00",
      "generator": {
        "date": "2024-11-22T11:16:15+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2018:2187",
      "initial_release_date": "2018-07-12T16:04:49+00:00",
      "revision_history": [
        {
          "date": "2018-07-12T16:04:49+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-07-12T16:04:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T11:16:15+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services 1",
                "product": {
                  "name": "Red Hat JBoss Core Services 1",
                  "product_id": "Red Hat JBoss Core Services 1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Core Services"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-2182",
      "cwe": {
        "id": "CWE-391",
        "name": "Unchecked Error Condition"
      },
      "discovery_date": "2016-08-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1367340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-2182"
        },
        {
          "category": "external",
          "summary": "RHBZ#1367340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-2182"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2182",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2182"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20160922.txt",
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        }
      ],
      "release_date": "2016-08-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-07-12T16:04:49+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()"
    },
    {
      "cve": "CVE-2016-6302",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2016-08-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1369855"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Insufficient TLS session ticket HMAC length checks",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-6302"
        },
        {
          "category": "external",
          "summary": "RHBZ#1369855",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369855"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-6302",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-6302"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6302",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6302"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20160922.txt",
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        }
      ],
      "release_date": "2016-08-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-07-12T16:04:49+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Insufficient TLS session ticket HMAC length checks"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the OpenSSL project"
          ]
        },
        {
          "names": [
            "Shi Lei"
          ],
          "organization": "Gear Team of Qihoo 360 Inc.",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2016-6306",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2016-09-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1377594"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: certificate message OOB reads",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-6306"
        },
        {
          "category": "external",
          "summary": "RHBZ#1377594",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377594"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-6306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-6306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6306"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20160922.txt",
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        }
      ],
      "release_date": "2016-09-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-07-12T16:04:49+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 1.2,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: certificate message OOB reads"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the OpenSSL project"
          ]
        }
      ],
      "cve": "CVE-2016-7055",
      "cwe": {
        "id": "CWE-682",
        "name": "Incorrect Calculation"
      },
      "discovery_date": "2016-10-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1393929"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker\u0027s direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Carry propagating bug in Montgomery multiplication",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-7055"
        },
        {
          "category": "external",
          "summary": "RHBZ#1393929",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393929"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7055",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7055",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7055"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20161110.txt",
          "url": "https://www.openssl.org/news/secadv/20161110.txt"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20170126.txt",
          "url": "https://www.openssl.org/news/secadv/20170126.txt"
        }
      ],
      "release_date": "2016-10-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-07-12T16:04:49+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: Carry propagating bug in Montgomery multiplication"
    },
    {
      "cve": "CVE-2017-3731",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2017-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1416852"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Truncated packet could crash via OOB read",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3731"
        },
        {
          "category": "external",
          "summary": "RHBZ#1416852",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416852"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3731",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3731",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3731"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20170126.txt",
          "url": "https://www.openssl.org/news/secadv/20170126.txt"
        }
      ],
      "release_date": "2017-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-07-12T16:04:49+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Truncated packet could crash via OOB read"
    },
    {
      "cve": "CVE-2017-3732",
      "discovery_date": "2017-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1416856"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: BN_mod_exp may produce incorrect results on x86_64",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3732"
        },
        {
          "category": "external",
          "summary": "RHBZ#1416856",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416856"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3732",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3732"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20170126.txt",
          "url": "https://www.openssl.org/news/secadv/20170126.txt"
        }
      ],
      "release_date": "2017-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-07-12T16:04:49+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: BN_mod_exp may produce incorrect results on x86_64"
    },
    {
      "cve": "CVE-2017-3736",
      "cwe": {
        "id": "CWE-682",
        "name": "Incorrect Calculation"
      },
      "discovery_date": "2017-11-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1509169"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: bn_sqrx8x_internal carry bug on x86_64",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3736"
        },
        {
          "category": "external",
          "summary": "RHBZ#1509169",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509169"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3736",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3736",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3736"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20171102.txt",
          "url": "https://www.openssl.org/news/secadv/20171102.txt"
        }
      ],
      "release_date": "2017-11-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-07-12T16:04:49+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: bn_sqrx8x_internal carry bug on x86_64"
    },
    {
      "cve": "CVE-2017-3737",
      "cwe": {
        "id": "CWE-391",
        "name": "Unchecked Error Condition"
      },
      "discovery_date": "2017-12-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1523504"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Read/write after SSL object in error state",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3737"
        },
        {
          "category": "external",
          "summary": "RHBZ#1523504",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523504"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3737",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3737"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20171207.txt",
          "url": "https://www.openssl.org/news/secadv/20171207.txt"
        }
      ],
      "release_date": "2017-12-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-07-12T16:04:49+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Read/write after SSL object in error state"
    },
    {
      "cve": "CVE-2017-3738",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2017-12-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1523510"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3738"
        },
        {
          "category": "external",
          "summary": "RHBZ#1523510",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523510"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3738",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3738",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3738"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20171207.txt",
          "url": "https://www.openssl.org/news/secadv/20171207.txt"
        }
      ],
      "release_date": "2017-12-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-07-12T16:04:49+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.