Vulnerability from csaf_suse
Published: 2017-10-18 11:46
Modified: 2017-10-18 11:46
Summary: Security update for apache2
Notes
Title of the patch
Security update for apache2
Description of the patch
This update for apache2 fixes several issues.
These security issues were fixed:
- CVE-2017-9798: Prevent a use-after-free of memory that allowed for an information leak via OPTIONS (bsc#1058058).
- CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest could have led to leakage of potentially confidential information, and a segfault in other cases resulting in DoS (bsc#1048576).
- CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header (bsc#1045060).
- CVE-2017-3169: mod_ssl may have dereferenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port, allowing for DoS (bsc#1045062).
- CVE-2017-3167: Use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have led to authentication requirements being bypassed (bsc#1045065).
These non-security issues were fixed:
- remove /usr/bin/http2 symlink only during apache2 package uninstall, not upgrade (bsc#1041830)
- gensslcert: use hostname when fqdn is too long (bsc#1035829)
- add NotifyAccess=all to service file (bsc#980663)
Patchnames: SUSE-SLE-SERVER-12-2017-1709
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for apache2", title: "Title of the patch", }, { category: "description", text: "This update for apache2 fixes several issues.\n\nThese security issues were fixed:\n \n- CVE-2017-9798: Prevent use-after-free use of memory that allowed for an\n information leak via OPTIONS (bsc#1058058)\n- CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest could have\n lead to leakage of potentially confidential information, and a segfault in\n other cases resulting in DoS (bsc#1048576).\n- CVE-2017-7679: mod_mime could have read one byte past the end of a buffer\n when sending a malicious Content-Type response header (bsc#1045060).\n- CVE-2017-3169: mod_ssl may dereferenced a NULL pointer when third-party\n modules call ap_hook_process_connection() during an HTTP request to an HTTPS\n port allowing for DoS (bsc#1045062).\n- CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules\n outside of the authentication phase may have lead to authentication\n requirements being bypassed (bsc#1045065).\n\nThese non-security issues were fixed:\n\n- remove /usr/bin/http2 symlink only during apache2 package \n uninstall, not upgrade (bsc#1041830)\n- gensslcert: use hostname when fqdn is too long (bsc#1035829)\n- add NotifyAccess=all to service file (bsc#980663)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-SERVER-12-2017-1709", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", 
contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2756-1.json", }, { category: "self", summary: "URL for SUSE-SU-2017:2756-1", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20172756-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2017:2756-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003305.html", }, { category: "self", summary: "SUSE Bug 1035829", url: "https://bugzilla.suse.com/1035829", }, { category: "self", summary: "SUSE Bug 1041830", url: "https://bugzilla.suse.com/1041830", }, { category: "self", summary: "SUSE Bug 1045060", url: "https://bugzilla.suse.com/1045060", }, { category: "self", summary: "SUSE Bug 1045062", url: "https://bugzilla.suse.com/1045062", }, { category: "self", summary: "SUSE Bug 1045065", url: "https://bugzilla.suse.com/1045065", }, { category: "self", summary: "SUSE Bug 1048576", url: "https://bugzilla.suse.com/1048576", }, { category: "self", summary: "SUSE Bug 1058058", url: "https://bugzilla.suse.com/1058058", }, { category: "self", summary: "SUSE Bug 980663", url: "https://bugzilla.suse.com/980663", }, { category: "self", summary: "SUSE CVE CVE-2017-3167 page", url: "https://www.suse.com/security/cve/CVE-2017-3167/", }, { category: "self", summary: "SUSE CVE CVE-2017-3169 page", url: "https://www.suse.com/security/cve/CVE-2017-3169/", }, { category: "self", summary: "SUSE CVE CVE-2017-7679 page", url: "https://www.suse.com/security/cve/CVE-2017-7679/", }, { category: "self", summary: "SUSE CVE CVE-2017-9788 page", url: "https://www.suse.com/security/cve/CVE-2017-9788/", }, { category: "self", summary: "SUSE CVE CVE-2017-9798 page", url: 
"https://www.suse.com/security/cve/CVE-2017-9798/", }, ], title: "Security update for apache2", tracking: { current_release_date: "2017-10-18T11:46:36Z", generator: { date: "2017-10-18T11:46:36Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2017:2756-1", initial_release_date: "2017-10-18T11:46:36Z", revision_history: [ { date: "2017-10-18T11:46:36Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "apache2-doc-2.4.10-14.28.1.noarch", product: { name: "apache2-doc-2.4.10-14.28.1.noarch", product_id: "apache2-doc-2.4.10-14.28.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "apache2-2.4.10-14.28.1.ppc64le", product: { name: "apache2-2.4.10-14.28.1.ppc64le", product_id: "apache2-2.4.10-14.28.1.ppc64le", }, }, { category: "product_version", name: "apache2-example-pages-2.4.10-14.28.1.ppc64le", product: { name: "apache2-example-pages-2.4.10-14.28.1.ppc64le", product_id: "apache2-example-pages-2.4.10-14.28.1.ppc64le", }, }, { category: "product_version", name: "apache2-prefork-2.4.10-14.28.1.ppc64le", product: { name: "apache2-prefork-2.4.10-14.28.1.ppc64le", product_id: "apache2-prefork-2.4.10-14.28.1.ppc64le", }, }, { category: "product_version", name: "apache2-utils-2.4.10-14.28.1.ppc64le", product: { name: "apache2-utils-2.4.10-14.28.1.ppc64le", product_id: "apache2-utils-2.4.10-14.28.1.ppc64le", }, }, { category: "product_version", name: "apache2-worker-2.4.10-14.28.1.ppc64le", product: { name: "apache2-worker-2.4.10-14.28.1.ppc64le", product_id: "apache2-worker-2.4.10-14.28.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "apache2-2.4.10-14.28.1.s390x", product: { name: "apache2-2.4.10-14.28.1.s390x", product_id: "apache2-2.4.10-14.28.1.s390x", }, }, { 
category: "product_version", name: "apache2-example-pages-2.4.10-14.28.1.s390x", product: { name: "apache2-example-pages-2.4.10-14.28.1.s390x", product_id: "apache2-example-pages-2.4.10-14.28.1.s390x", }, }, { category: "product_version", name: "apache2-prefork-2.4.10-14.28.1.s390x", product: { name: "apache2-prefork-2.4.10-14.28.1.s390x", product_id: "apache2-prefork-2.4.10-14.28.1.s390x", }, }, { category: "product_version", name: "apache2-utils-2.4.10-14.28.1.s390x", product: { name: "apache2-utils-2.4.10-14.28.1.s390x", product_id: "apache2-utils-2.4.10-14.28.1.s390x", }, }, { category: "product_version", name: "apache2-worker-2.4.10-14.28.1.s390x", product: { name: "apache2-worker-2.4.10-14.28.1.s390x", product_id: "apache2-worker-2.4.10-14.28.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "apache2-2.4.10-14.28.1.x86_64", product: { name: "apache2-2.4.10-14.28.1.x86_64", product_id: "apache2-2.4.10-14.28.1.x86_64", }, }, { category: "product_version", name: "apache2-example-pages-2.4.10-14.28.1.x86_64", product: { name: "apache2-example-pages-2.4.10-14.28.1.x86_64", product_id: "apache2-example-pages-2.4.10-14.28.1.x86_64", }, }, { category: "product_version", name: "apache2-prefork-2.4.10-14.28.1.x86_64", product: { name: "apache2-prefork-2.4.10-14.28.1.x86_64", product_id: "apache2-prefork-2.4.10-14.28.1.x86_64", }, }, { category: "product_version", name: "apache2-utils-2.4.10-14.28.1.x86_64", product: { name: "apache2-utils-2.4.10-14.28.1.x86_64", product_id: "apache2-utils-2.4.10-14.28.1.x86_64", }, }, { category: "product_version", name: "apache2-worker-2.4.10-14.28.1.x86_64", product: { name: "apache2-worker-2.4.10-14.28.1.x86_64", product_id: "apache2-worker-2.4.10-14.28.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 12-LTSS", product: { name: "SUSE Linux Enterprise Server 12-LTSS", 
product_id: "SUSE Linux Enterprise Server 12-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "apache2-2.4.10-14.28.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", }, product_reference: "apache2-2.4.10-14.28.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-2.4.10-14.28.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", }, product_reference: "apache2-2.4.10-14.28.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-2.4.10-14.28.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", }, product_reference: "apache2-2.4.10-14.28.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-doc-2.4.10-14.28.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", }, product_reference: "apache2-doc-2.4.10-14.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-example-pages-2.4.10-14.28.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", }, product_reference: 
"apache2-example-pages-2.4.10-14.28.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-example-pages-2.4.10-14.28.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", }, product_reference: "apache2-example-pages-2.4.10-14.28.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-example-pages-2.4.10-14.28.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", }, product_reference: "apache2-example-pages-2.4.10-14.28.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-prefork-2.4.10-14.28.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", }, product_reference: "apache2-prefork-2.4.10-14.28.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-prefork-2.4.10-14.28.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", }, product_reference: "apache2-prefork-2.4.10-14.28.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-prefork-2.4.10-14.28.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", }, product_reference: "apache2-prefork-2.4.10-14.28.1.x86_64", 
relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-utils-2.4.10-14.28.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", }, product_reference: "apache2-utils-2.4.10-14.28.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-utils-2.4.10-14.28.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", }, product_reference: "apache2-utils-2.4.10-14.28.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-utils-2.4.10-14.28.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", }, product_reference: "apache2-utils-2.4.10-14.28.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-worker-2.4.10-14.28.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", }, product_reference: "apache2-worker-2.4.10-14.28.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "apache2-worker-2.4.10-14.28.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", }, product_reference: "apache2-worker-2.4.10-14.28.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", 
full_product_name: { name: "apache2-worker-2.4.10-14.28.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", }, product_reference: "apache2-worker-2.4.10-14.28.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, ], }, vulnerabilities: [ { cve: "CVE-2017-3167", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3167", }, ], notes: [ { category: "general", text: "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 
12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3167", url: "https://www.suse.com/security/cve/CVE-2017-3167", }, { category: "external", summary: "SUSE Bug 1045065 for CVE-2017-3167", url: "https://bugzilla.suse.com/1045065", }, { category: "external", summary: "SUSE Bug 1078450 for CVE-2017-3167", url: "https://bugzilla.suse.com/1078450", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: 
[ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-10-18T11:46:36Z", details: "important", }, ], title: "CVE-2017-3167", }, { cve: "CVE-2017-3169", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3169", }, ], notes: [ { category: "general", text: "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", 
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3169", url: "https://www.suse.com/security/cve/CVE-2017-3169", }, { category: "external", summary: "SUSE Bug 1045062 for CVE-2017-3169", url: "https://bugzilla.suse.com/1045062", }, { category: "external", summary: "SUSE Bug 1078450 for CVE-2017-3169", url: "https://bugzilla.suse.com/1078450", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 
12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE 
Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-10-18T11:46:36Z", details: "moderate", }, ], title: "CVE-2017-3169", }, { cve: "CVE-2017-7679", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7679", }, ], notes: [ { category: "general", text: "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, references: [ 
{ category: "external", summary: "CVE-2017-7679", url: "https://www.suse.com/security/cve/CVE-2017-7679", }, { category: "external", summary: "SUSE Bug 1045060 for CVE-2017-7679", url: "https://bugzilla.suse.com/1045060", }, { category: "external", summary: "SUSE Bug 1057861 for CVE-2017-7679", url: "https://bugzilla.suse.com/1057861", }, { category: "external", summary: "SUSE Bug 1078450 for CVE-2017-7679", url: "https://bugzilla.suse.com/1078450", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-10-18T11:46:36Z", details: "moderate", }, ], title: "CVE-2017-7679", }, { cve: "CVE-2017-9788", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-9788", }, ], notes: [ { category: "general", text: "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. 
Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-9788", url: "https://www.suse.com/security/cve/CVE-2017-9788", }, { category: "external", summary: "SUSE Bug 1048576 for CVE-2017-9788", url: "https://bugzilla.suse.com/1048576", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ 
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 
12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-10-18T11:46:36Z", details: "moderate", }, ], title: "CVE-2017-9788", }, { cve: "CVE-2017-9798", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-9798", }, ], notes: [ { category: "general", text: "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. 
Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-9798", url: "https://www.suse.com/security/cve/CVE-2017-9798", }, { category: "external", summary: "SUSE Bug 1058058 for CVE-2017-9798", url: "https://bugzilla.suse.com/1058058", }, { category: "external", summary: "SUSE Bug 1060757 for CVE-2017-9798", url: "https://bugzilla.suse.com/1060757", }, { category: "external", summary: "SUSE Bug 1077582 for CVE-2017-9798", url: "https://bugzilla.suse.com/1077582", }, { category: "external", summary: "SUSE Bug 1078450 for CVE-2017-9798", url: "https://bugzilla.suse.com/1078450", }, { 
category: "external", summary: "SUSE Bug 1089997 for CVE-2017-9798", url: "https://bugzilla.suse.com/1089997", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch", "SUSE 
Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-10-18T11:46:36Z", details: "moderate", }, ], title: "CVE-2017-9798", }, ], }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.