var-201706-0272
Vulnerability from variot
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Apache httpd Contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Apache HTTP Server is prone to an authentication bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. The following versions are vulnerable: Apache HTTP Server 2.2.0 to 2.2.32 Apache HTTP Server 2.4.0 to 2.4.25. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
- An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. JIRA issues fixed (https://issues.jboss.org/):
JBCS-403 - Errata for httpd 2.4.23.SP3 RHEL6
-
(CVE-2017-7679)
-
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. (CVE-2017-9798)
Red Hat would like to thank Hanno BAPck for reporting CVE-2017-9798. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2017:2478-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2478 Issue date: 2017-08-15 CVE Names: CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 CVE-2017-9788 =====================================================================
- Summary:
An update for httpd is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Security Fix(es):
-
It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-3167)
-
A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)
-
A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass 1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference 1463207 - CVE-2017-7679 httpd: mod_mime buffer overread 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: httpd-2.2.15-60.el6_9.5.src.rpm
i386: httpd-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-tools-2.2.15-60.el6_9.5.i686.rpm
x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm mod_ssl-2.2.15-60.el6_9.5.i686.rpm
noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: httpd-2.2.15-60.el6_9.5.src.rpm
x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: httpd-2.2.15-60.el6_9.5.src.rpm
i386: httpd-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-tools-2.2.15-60.el6_9.5.i686.rpm mod_ssl-2.2.15-60.el6_9.5.i686.rpm
noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm
ppc64: httpd-2.2.15-60.el6_9.5.ppc64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.ppc.rpm httpd-debuginfo-2.2.15-60.el6_9.5.ppc64.rpm httpd-devel-2.2.15-60.el6_9.5.ppc.rpm httpd-devel-2.2.15-60.el6_9.5.ppc64.rpm httpd-tools-2.2.15-60.el6_9.5.ppc64.rpm mod_ssl-2.2.15-60.el6_9.5.ppc64.rpm
s390x: httpd-2.2.15-60.el6_9.5.s390x.rpm httpd-debuginfo-2.2.15-60.el6_9.5.s390.rpm httpd-debuginfo-2.2.15-60.el6_9.5.s390x.rpm httpd-devel-2.2.15-60.el6_9.5.s390.rpm httpd-devel-2.2.15-60.el6_9.5.s390x.rpm httpd-tools-2.2.15-60.el6_9.5.s390x.rpm mod_ssl-2.2.15-60.el6_9.5.s390x.rpm
x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: httpd-2.2.15-60.el6_9.5.src.rpm
i386: httpd-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-tools-2.2.15-60.el6_9.5.i686.rpm mod_ssl-2.2.15-60.el6_9.5.i686.rpm
noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm
x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-3167 https://access.redhat.com/security/cve/CVE-2017-3169 https://access.redhat.com/security/cve/CVE-2017-7679 https://access.redhat.com/security/cve/CVE-2017-9788 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZkzq3XlSAg2UNWIIRAjxIAJ9JoJcSMguc2VTpgJl2P5BGoM2IrACfXd/8 Jxb2g1bdehw6Jjq0qF13AEM= =ZvYI -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0272", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.4.26" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.7" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "oncommand unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "jboss core services", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "storagegrid", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.4.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.2.33" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.13.1" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "secure global desktop", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.3" }, { "model": "jp1/automatic job management system 3", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- manager web console" }, { "model": "jp1/integrated management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- service support starter edition" }, { "model": "jp1/it desktop management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "2 - operations director" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- custom edition" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(64)" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "job management partner 1/integrated management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- service support" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "jp1/integrated management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- service support advanced edition" }, { "model": "job management partner 1/it desktop management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "2 - smart device manager" }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web console" }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(64)" }, { "model": "httpd", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.4.26" }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- manager" }, { "model": "jp1/it desktop management - manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/automatic operation", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "job management partner 1/performance management - web console", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "job management partner 1/it desktop management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "2 - manager" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "jp1/it desktop management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "2 - smart device manager" }, { "model": "application server for developers", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- service support" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard-r" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base(64)" }, { "model": "job management partner 1/integrated management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- service support advanced edition" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "httpd", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.2.33" }, { "model": "it operations director", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/service support", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "jp1/operations analytics", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/service support", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "starter edition" }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "jp1/it desktop management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "2 - manager" }, { "model": "job management partner 1/it desktop management - manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- manager web console" }, { "model": "spoolserver/winspool series", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "reportfiling ver5.2 ~ 6.2" }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- security edition" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "httpd", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "2.2.x" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "application server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "httpd", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "2.4.x" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.0" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.31" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.30" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.24" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.25" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.29" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.22" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.23" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.26" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.27" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "17.04" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "software collections for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "jboss web server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "jboss ews", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "jboss eap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "jboss core services", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.52" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.52" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.09" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.033" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.029" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.11" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.4" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.3" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.9" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.8" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.7" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.6" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.5" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.4" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.3" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.11" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.10" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.4.27" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.43" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.39" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.27" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.25" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.21" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.25" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.20" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.19" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.18" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.17" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.16" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.14" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.26" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.25" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.24" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.23" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.15" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.14" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.13" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.24" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.13" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.32" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.29" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.22" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.21" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.20" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.19" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.18" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.17" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.1" }, { "model": "http server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.5" }, { "model": "http server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.12" }, { "model": "http server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "http server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.45" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.4.26" }, { "model": "2.2.33-dev", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null } ], "sources": [ { "db": "BID", "id": "99135" }, { "db": "JVNDB", "id": "JVNDB-2017-005023" }, { "db": "CNNVD", "id": "CNNVD-201706-789" }, { "db": "NVD", "id": "CVE-2017-3167" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:httpd", "vulnerable": true }, { "cpe22Uri": "cpe:/h:nec:spoolserver_winspool", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_application_server_for_developers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:it_operations_director", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner_1_integrated_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner_1_performance_management_web_console", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_automatic_job_management_system_3", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_automatic_operation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_integrated_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_it_desktop_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1%2Fit_desktop_management-manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_operation_analytics", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_performance_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_service_support", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005023" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "145457" }, { "db": "PACKETSTORM", "id": "144960" }, { "db": "PACKETSTORM", "id": "143766" }, { "db": "PACKETSTORM", "id": "145455" }, { "db": "PACKETSTORM", "id": "144968" }, { "db": "PACKETSTORM", "id": "144969" } ], "trust": 0.6 }, "cve": "CVE-2017-3167", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-3167", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-3167", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-3167", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-3167", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2017-3167", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-201706-789", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2017-3167", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-3167" }, { "db": "JVNDB", "id": "JVNDB-2017-005023" }, { "db": "CNNVD", "id": "CNNVD-201706-789" }, { "db": "NVD", "id": "CVE-2017-3167" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Apache httpd Contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Apache HTTP Server is prone to an authentication bypass vulnerability. \nAn attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nThe following versions are vulnerable:\nApache HTTP Server 2.2.0 to 2.2.32\nApache HTTP Server 2.4.0 to 2.4.25. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23\nService Pack 3 serves as an update to Red Hat JBoss Core Services Apache\nHTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are\ndocumented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* An out-of-bounds array dereference was found in apr_time_exp_get(). An\nattacker could abuse an unvalidated usage of this function to cause a\ndenial of service or potentially lead to data leak. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-403 - Errata for httpd 2.4.23.SP3 RHEL6\n\n7. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno BAPck for reporting CVE-2017-9798. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2017:2478-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2478\nIssue date: 2017-08-15\nCVE Names: CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 \n CVE-2017-9788 \n=====================================================================\n\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not\nproperly initialize memory before using it when processing certain headers\nrelated to digest authentication. A remote attacker could possibly use this\nflaw to disclose potentially sensitive information or cause httpd child\nprocess to crash by sending specially crafted requests to a server. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. \nA remote attacker could use this flaw to cause an httpd child process to\ncrash if another module used by httpd called a certain API function during\nthe processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user\npermitted to modify httpd\u0027s MIME configuration could use this flaw to cause\nhttpd child process to crash. (CVE-2017-7679)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass\n1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference\n1463207 - CVE-2017-7679 httpd: mod_mime buffer overread\n1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nhttpd-2.2.15-60.el6_9.5.src.rpm\n\ni386:\nhttpd-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-tools-2.2.15-60.el6_9.5.i686.rpm\n\nx86_64:\nhttpd-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nmod_ssl-2.2.15-60.el6_9.5.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-60.el6_9.5.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.x86_64.rpm\nmod_ssl-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nhttpd-2.2.15-60.el6_9.5.src.rpm\n\nx86_64:\nhttpd-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\nhttpd-manual-2.2.15-60.el6_9.5.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.x86_64.rpm\nmod_ssl-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd-2.2.15-60.el6_9.5.src.rpm\n\ni386:\nhttpd-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-tools-2.2.15-60.el6_9.5.i686.rpm\nmod_ssl-2.2.15-60.el6_9.5.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-60.el6_9.5.noarch.rpm\n\nppc64:\nhttpd-2.2.15-60.el6_9.5.ppc64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.ppc.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.ppc64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.ppc.rpm\nhttpd-devel-2.2.15-60.el6_9.5.ppc64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.ppc64.rpm\nmod_ssl-2.2.15-60.el6_9.5.ppc64.rpm\n\ns390x:\nhttpd-2.2.15-60.el6_9.5.s390x.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.s390.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.s390x.rpm\nhttpd-devel-2.2.15-60.el6_9.5.s390.rpm\nhttpd-devel-2.2.15-60.el6_9.5.s390x.rpm\nhttpd-tools-2.2.15-60.el6_9.5.s390x.rpm\nmod_ssl-2.2.15-60.el6_9.5.s390x.rpm\n\nx86_64:\nhttpd-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.x86_64.rpm\nmod_ssl-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd-2.2.15-60.el6_9.5.src.rpm\n\ni386:\nhttpd-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-tools-2.2.15-60.el6_9.5.i686.rpm\nmod_ssl-2.2.15-60.el6_9.5.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-60.el6_9.5.noarch.rpm\n\nx86_64:\nhttpd-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.x86_64.rpm\nmod_ssl-2.2.15-60.el6_9.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-3167\nhttps://access.redhat.com/security/cve/CVE-2017-3169\nhttps://access.redhat.com/security/cve/CVE-2017-7679\nhttps://access.redhat.com/security/cve/CVE-2017-9788\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZkzq3XlSAg2UNWIIRAjxIAJ9JoJcSMguc2VTpgJl2P5BGoM2IrACfXd/8\nJxb2g1bdehw6Jjq0qF13AEM=\n=ZvYI\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files)", "sources": [ { "db": "NVD", "id": "CVE-2017-3167" }, { "db": "JVNDB", "id": "JVNDB-2017-005023" }, { "db": "BID", "id": "99135" }, { "db": "VULMON", "id": "CVE-2017-3167" }, { "db": "PACKETSTORM", "id": "145457" }, { "db": "PACKETSTORM", "id": "144960" }, { "db": "PACKETSTORM", "id": "143766" }, { "db": "PACKETSTORM", "id": "145455" }, { "db": "PACKETSTORM", "id": "144968" }, { "db": "PACKETSTORM", "id": "144969" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-3167", "trust": 3.4 }, { "db": "BID", "id": "99135", "trust": 1.9 }, { "db": "TENABLE", "id": "TNS-2019-09", "trust": 1.6 }, { "db": "SECTRACK", "id": "1038711", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU98416507", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-005023", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201706-789", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2017-3167", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145457", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144960", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143766", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145455", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144968", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144969", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-3167" }, { "db": "BID", "id": "99135" }, { "db": "JVNDB", "id": "JVNDB-2017-005023" }, { "db": "PACKETSTORM", "id": "145457" }, { "db": "PACKETSTORM", "id": "144960" }, { "db": "PACKETSTORM", "id": "143766" }, { "db": "PACKETSTORM", "id": "145455" }, { "db": "PACKETSTORM", "id": "144968" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "CNNVD", "id": "CNNVD-201706-789" }, { "db": "NVD", "id": "CVE-2017-3167" } ] }, "id": "VAR-201706-0272", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22125000333333333 }, "last_update_date": "2024-11-28T20:16:29.015000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2017-123", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-123/index.html" }, { "title": "hitachi-sec-2018-103", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-103/index.html" }, { "title": "NV17-014", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv17-014.html" }, { "title": "CVE-2017-3167: ap_get_basic_auth_pw authentication bypass", "trust": 0.8, "url": "https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E" }, { "title": "hitachi-sec-2017-123", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-123/index.html" }, { "title": "hitachi-sec-2018-103", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-103/index.html" }, { "title": "Apache httpd Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71073" }, { "title": "Red Hat: Important: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173194 - Security Advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173476 - Security Advisory" }, { "title": "Red Hat: Important: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173193 - Security Advisory" }, { "title": "Red Hat: Important: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173195 - Security Advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173475 - Security Advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173477 - Security Advisory" }, { "title": "Red Hat: CVE-2017-3167", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-3167" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3340-1" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-3167" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3373-1" }, { "title": "Debian Security Advisories: DSA-3896-1 apache2 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a100e91e6529637522c4f74492953f8c" }, { "title": "Amazon Linux AMI: ALAS-2017-892", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-892" }, { "title": "Arch Linux Advisories: [ASA-201706-34] apache: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201706-34" }, { "title": "Amazon Linux AMI: ALAS-2017-863", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-863" }, { "title": "Symantec Security Advisories: SA154: Apache httpd Vulnerabilities June 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=6f891c1513dfb5c26769ed38bcac6e4f" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c" }, { "title": "Tenable Security Advisories: [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2019-09" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=549dc795290b298746065b62b4bb7928" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Final-Project", "trust": 0.1, "url": "https://github.com/Jason134526/Final-Project " }, { "title": "Cyber-Security-Final-Project", "trust": 0.1, "url": "https://github.com/jklinges14/Cyber-Security-Final-Project " }, { "title": "GyoiThon", "trust": 0.1, "url": "https://github.com/gyoisamurai/GyoiThon " }, { "title": "nrich", "trust": 0.1, "url": "https://github.com/retr0-13/nrich " }, { "title": "", "trust": 0.1, "url": "https://github.com/RoseSecurity-Research/Red-Teaming-TTPs " }, { "title": "Red-Teaming-TTPs", "trust": 0.1, "url": "https://github.com/RoseSecurity/Red-Teaming-TTPs " }, { "title": "Shodan-nrich", "trust": 0.1, "url": "https://github.com/PawanKumarPandit/Shodan-nrich " }, { "title": "DC-3-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough " }, { "title": "DC-1-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough " }, { "title": "DC-2-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough " }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " }, { "title": "", "trust": 0.1, "url": "https://github.com/SecureAxom/strike " }, { "title": "pigat", "trust": 0.1, "url": "https://github.com/syadg123/pigat " } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-3167" }, { "db": "JVNDB", "id": "JVNDB-2017-005023" }, { "db": "CNNVD", "id": "CNNVD-201706-789" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005023" }, { "db": "NVD", "id": "CVE-2017-3167" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:3477" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:3193" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:2478" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:3475" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:3194" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:3195" }, { "trust": 1.6, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03908en_us" }, { "trust": 1.6, "url": "https://security.gentoo.org/glsa/201710-32" }, { "trust": 1.6, "url": "https://support.apple.com/ht208221" }, { "trust": 1.6, "url": "https://security.netapp.com/advisory/ntap-20180601-0002/" }, { "trust": 1.6, "url": "http://www.debian.org/security/2017/dsa-3896" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1038711" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/99135" }, { "trust": 1.6, "url": "https://access.redhat.com/errata/rhsa-2017:2479" }, { "trust": 1.6, "url": "https://www.nomachine.com/su08o00185" }, { "trust": 1.6, "url": "https://www.tenable.com/security/tns-2019-09" }, { "trust": 1.6, "url": "https://access.redhat.com/errata/rhsa-2017:3476" }, { "trust": 1.6, "url": "https://access.redhat.com/errata/rhsa-2017:2483" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3167" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3cdev.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2017-3167" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3167" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98416507/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2017-7679" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7679" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3169" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2017-3169" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3cdev." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs." }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2017-9798" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9798" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2017-9788" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9788" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.3, "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24043880" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1022204" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005280" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-12613" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12613" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-7668" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7668" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.23" } ], "sources": [ { "db": "BID", "id": "99135" }, { "db": "JVNDB", "id": "JVNDB-2017-005023" }, { "db": "PACKETSTORM", "id": "145457" }, { "db": "PACKETSTORM", "id": "144960" }, { "db": "PACKETSTORM", "id": "143766" }, { "db": "PACKETSTORM", "id": "145455" }, { "db": "PACKETSTORM", "id": "144968" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "CNNVD", "id": "CNNVD-201706-789" }, { "db": "NVD", "id": "CVE-2017-3167" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2017-3167" }, { "db": "BID", "id": "99135" }, { "db": "JVNDB", "id": "JVNDB-2017-005023" }, { "db": "PACKETSTORM", "id": "145457" }, { "db": "PACKETSTORM", "id": "144960" }, { "db": "PACKETSTORM", "id": "143766" }, { "db": "PACKETSTORM", "id": "145455" }, { "db": "PACKETSTORM", "id": "144968" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "CNNVD", "id": "CNNVD-201706-789" }, { "db": "NVD", "id": "CVE-2017-3167" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-20T00:00:00", "db": "VULMON", "id": "CVE-2017-3167" }, { "date": "2017-06-19T00:00:00", "db": "BID", "id": "99135" }, { "date": "2017-07-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-005023" }, { "date": "2017-12-17T15:29:14", "db": "PACKETSTORM", "id": "145457" }, { "date": "2017-11-13T22:23:00", "db": "PACKETSTORM", "id": "144960" }, { "date": "2017-08-15T22:24:00", "db": "PACKETSTORM", "id": "143766" }, { "date": "2017-12-17T15:27:58", "db": "PACKETSTORM", "id": "145455" }, { "date": "2017-11-14T04:32:05", "db": "PACKETSTORM", "id": "144968" }, { "date": "2017-11-14T04:32:14", "db": "PACKETSTORM", "id": "144969" }, { "date": "2017-06-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-789" }, { "date": "2017-06-20T01:29:00.330000", "db": "NVD", "id": "CVE-2017-3167" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2017-3167" }, { "date": "2017-08-16T08:10:00", "db": "BID", "id": "99135" }, { "date": "2018-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-005023" }, { "date": "2021-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-789" }, { "date": "2024-11-21T03:24:58.100000", "db": "NVD", "id": "CVE-2017-3167" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "144960" }, { "db": "PACKETSTORM", "id": "143766" }, { "db": "PACKETSTORM", "id": "144968" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "CNNVD", "id": "CNNVD-201706-789" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache httpd Vulnerabilities in authentication", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005023" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-789" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.