var-201707-1241
Vulnerability from variot
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. Apache HTTP Server is prone to a memory-corruption vulnerability. Attackers can exploit this issue to obtain sensitive information or cause denial-of-service conditions. Versions prior to Apache httpd 2.2.34 and 2.4.27 are vulnerable.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Web Server security and bug fix update
Advisory ID:       RHSA-2017:3113-01
Product:           Red Hat JBoss Web Server
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:3113
Issue date:        2017-11-02
CVE Names:         CVE-2016-2183 CVE-2017-12615 CVE-2017-12617
                   CVE-2017-9788 CVE-2017-9798
=====================================================================
1. Summary:
An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:

Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server - i386, noarch, x86_64
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server - noarch, x86_64
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References.
This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as an update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Users of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues.
Security Fix(es):
* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)

* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)

* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)

* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Böck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters of CVE-2016-2183.
Bug Fix(es):
* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)

* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)

* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)

4. Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.
5. Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest
1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)
1493075 - Unable to load large CRL openssl problem
1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload
1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615

6. Package List:
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server:
Source:
httpd-2.2.26-57.ep6.el6.src.rpm
jbcs-httpd24-openssl-1.0.2h-14.jbcs.el6.src.rpm
mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6.src.rpm
tomcat6-6.0.41-19_patch_04.ep6.el6.src.rpm
tomcat7-7.0.54-28_patch_05.ep6.el6.src.rpm

i386:
httpd-2.2.26-57.ep6.el6.i386.rpm
httpd-debuginfo-2.2.26-57.ep6.el6.i386.rpm
httpd-devel-2.2.26-57.ep6.el6.i386.rpm
httpd-manual-2.2.26-57.ep6.el6.i386.rpm
httpd-tools-2.2.26-57.ep6.el6.i386.rpm
jbcs-httpd24-openssl-1.0.2h-14.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el6.i686.rpm
mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6.i386.rpm
mod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el6.i386.rpm
mod_ldap-2.2.26-57.ep6.el6.i386.rpm
mod_ssl-2.2.26-57.ep6.el6.i386.rpm

noarch:
tomcat6-6.0.41-19_patch_04.ep6.el6.noarch.rpm
tomcat6-admin-webapps-6.0.41-19_patch_04.ep6.el6.noarch.rpm
tomcat6-docs-webapp-6.0.41-19_patch_04.ep6.el6.noarch.rpm
tomcat6-el-2.1-api-6.0.41-19_patch_04.ep6.el6.noarch.rpm
tomcat6-javadoc-6.0.41-19_patch_04.ep6.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.41-19_patch_04.ep6.el6.noarch.rpm
tomcat6-lib-6.0.41-19_patch_04.ep6.el6.noarch.rpm
tomcat6-log4j-6.0.41-19_patch_04.ep6.el6.noarch.rpm
tomcat6-maven-devel-6.0.41-19_patch_04.ep6.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.41-19_patch_04.ep6.el6.noarch.rpm
tomcat6-webapps-6.0.41-19_patch_04.ep6.el6.noarch.rpm
tomcat7-7.0.54-28_patch_05.ep6.el6.noarch.rpm
tomcat7-admin-webapps-7.0.54-28_patch_05.ep6.el6.noarch.rpm
tomcat7-docs-webapp-7.0.54-28_patch_05.ep6.el6.noarch.rpm
tomcat7-el-2.2-api-7.0.54-28_patch_05.ep6.el6.noarch.rpm
tomcat7-javadoc-7.0.54-28_patch_05.ep6.el6.noarch.rpm
tomcat7-jsp-2.2-api-7.0.54-28_patch_05.ep6.el6.noarch.rpm
tomcat7-lib-7.0.54-28_patch_05.ep6.el6.noarch.rpm
tomcat7-log4j-7.0.54-28_patch_05.ep6.el6.noarch.rpm
tomcat7-maven-devel-7.0.54-28_patch_05.ep6.el6.noarch.rpm
tomcat7-servlet-3.0-api-7.0.54-28_patch_05.ep6.el6.noarch.rpm
tomcat7-webapps-7.0.54-28_patch_05.ep6.el6.noarch.rpm

x86_64:
httpd-2.2.26-57.ep6.el6.x86_64.rpm
httpd-debuginfo-2.2.26-57.ep6.el6.x86_64.rpm
httpd-devel-2.2.26-57.ep6.el6.x86_64.rpm
httpd-manual-2.2.26-57.ep6.el6.x86_64.rpm
httpd-tools-2.2.26-57.ep6.el6.x86_64.rpm
jbcs-httpd24-openssl-1.0.2h-14.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el6.x86_64.rpm
mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6.x86_64.rpm
mod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el6.x86_64.rpm
mod_ldap-2.2.26-57.ep6.el6.x86_64.rpm
mod_ssl-2.2.26-57.ep6.el6.x86_64.rpm
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server:
Source:
httpd22-2.2.26-58.ep6.el7.src.rpm
jbcs-httpd24-openssl-1.0.2h-14.jbcs.el7.src.rpm
mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el7.src.rpm
tomcat6-6.0.41-19_patch_04.ep6.el7.src.rpm
tomcat7-7.0.54-28_patch_05.ep6.el7.src.rpm

noarch:
tomcat6-6.0.41-19_patch_04.ep6.el7.noarch.rpm
tomcat6-admin-webapps-6.0.41-19_patch_04.ep6.el7.noarch.rpm
tomcat6-docs-webapp-6.0.41-19_patch_04.ep6.el7.noarch.rpm
tomcat6-el-2.1-api-6.0.41-19_patch_04.ep6.el7.noarch.rpm
tomcat6-javadoc-6.0.41-19_patch_04.ep6.el7.noarch.rpm
tomcat6-jsp-2.1-api-6.0.41-19_patch_04.ep6.el7.noarch.rpm
tomcat6-lib-6.0.41-19_patch_04.ep6.el7.noarch.rpm
tomcat6-log4j-6.0.41-19_patch_04.ep6.el7.noarch.rpm
tomcat6-maven-devel-6.0.41-19_patch_04.ep6.el7.noarch.rpm
tomcat6-servlet-2.5-api-6.0.41-19_patch_04.ep6.el7.noarch.rpm
tomcat6-webapps-6.0.41-19_patch_04.ep6.el7.noarch.rpm
tomcat7-7.0.54-28_patch_05.ep6.el7.noarch.rpm
tomcat7-admin-webapps-7.0.54-28_patch_05.ep6.el7.noarch.rpm
tomcat7-docs-webapp-7.0.54-28_patch_05.ep6.el7.noarch.rpm
tomcat7-el-2.2-api-7.0.54-28_patch_05.ep6.el7.noarch.rpm
tomcat7-javadoc-7.0.54-28_patch_05.ep6.el7.noarch.rpm
tomcat7-jsp-2.2-api-7.0.54-28_patch_05.ep6.el7.noarch.rpm
tomcat7-lib-7.0.54-28_patch_05.ep6.el7.noarch.rpm
tomcat7-log4j-7.0.54-28_patch_05.ep6.el7.noarch.rpm
tomcat7-maven-devel-7.0.54-28_patch_05.ep6.el7.noarch.rpm
tomcat7-servlet-3.0-api-7.0.54-28_patch_05.ep6.el7.noarch.rpm
tomcat7-webapps-7.0.54-28_patch_05.ep6.el7.noarch.rpm

x86_64:
httpd22-2.2.26-58.ep6.el7.x86_64.rpm
httpd22-debuginfo-2.2.26-58.ep6.el7.x86_64.rpm
httpd22-devel-2.2.26-58.ep6.el7.x86_64.rpm
httpd22-manual-2.2.26-58.ep6.el7.x86_64.rpm
httpd22-tools-2.2.26-58.ep6.el7.x86_64.rpm
jbcs-httpd24-openssl-1.0.2h-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el7.x86_64.rpm
mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el7.x86_64.rpm
mod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el7.x86_64.rpm
mod_ldap22-2.2.26-58.ep6.el7.x86_64.rpm
mod_ssl22-2.2.26-58.ep6.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:

https://access.redhat.com/security/cve/CVE-2016-2183
https://access.redhat.com/security/cve/CVE-2017-12615
https://access.redhat.com/security/cve/CVE-2017-12617
https://access.redhat.com/security/cve/CVE-2017-9788
https://access.redhat.com/security/cve/CVE-2017-9798
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/3227901

8. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZ+28JXlSAg2UNWIIRAuSpAKCFkBoOw+m9aijvXzxKriSHgUoKmACeKRlD
egp9FqnDcfyGbgqbKnK0HOk=
=5mAC
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. 7.2) - ppc64, ppc64le, s390x, x86_64
(CVE-2017-9788)

* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. (CVE-2017-3167)

* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. (CVE-2017-3169)

* A buffer over-read flaw was found in the httpd's ap_find_token() function. (CVE-2017-7668)

* A buffer over-read flaw was found in the httpd's mod_mime module. (BZ#1508885)

The JBoss server process must be restarted for the update to take effect.

===========================================================================
Ubuntu Security Notice USN-3370-2
August 01, 2017
apache2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Apache HTTP Server could be made to crash or leak sensitive information if it received specially crafted network traffic.
Original advisory details:
Robert Swiecki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM:
  apache2.2-bin                   2.2.22-1ubuntu1.13

In general, a standard system update will make all the necessary changes.

This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

An httpd module using this API function could consequently allow access that should have been denied.

JIRA issues fixed (https://issues.jboss.org/):

JBCS-329 - Unable to load large CRL openssl problem
JBCS-337 - Errata for httpd 2.4.23 SP2 RHEL 6
The References section of this erratum contains a download link (you must log in to download the update)
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201707-1241", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, 
"vendor": "redhat", "version": "7.0" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.13.1" }, { "model": "jboss enterprise web server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "http server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "2.2.33" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "storage automation store", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.4.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "jboss core services", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "http server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "2.4.26" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { 
"model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.4.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.7" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "secure global desktop", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.3" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "oncommand unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.10" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.6" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.4" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.2" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.9" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.1" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.12" }, { "model": "http 
server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.32" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.3" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.7" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "17.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.26" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.25" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.23" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.20" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.19" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.18" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.17" }, { "model": "apache", "scope": "eq", "trust": 
0.3, "vendor": "apache", "version": "2.4.16" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.14" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.33" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.26" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.25" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.24" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.23" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.15" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.14" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.13" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.9" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.5" }, { 
"model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.9" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.7" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.24" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.13" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.32" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.29" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.22" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.21" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.20" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.19" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.18" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": 
"apache", "version": "2.2.17" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.16" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.1" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.2.34" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.4.27" } ], "sources": [ { "db": "BID", "id": "99569" }, { "db": "CNNVD", "id": "CNNVD-201706-931" }, { "db": "NVD", "id": "CVE-2017-9788" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "144869" }, { "db": "PACKETSTORM", "id": "145017" }, { "db": "PACKETSTORM", "id": "144960" }, { "db": "PACKETSTORM", "id": "145018" }, { "db": "PACKETSTORM", "id": "144135" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "PACKETSTORM", "id": "144865" } ], "trust": 0.7 }, "cve": "CVE-2017-9788", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": 
"CVE-2017-9788", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-117991", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-9788", "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-9788", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201706-931", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-117991", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2017-9788", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-117991" }, { "db": "VULMON", "id": "CVE-2017-9788" }, { "db": "CNNVD", "id": "CNNVD-201706-931" }, { "db": "NVD", "id": "CVE-2017-9788" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \u0027Digest\u0027 was not initialized or reset before or between successive key=value assignments by 
mod_auth_digest. Providing an initial key with no \u0027=\u0027 assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. Apache HTTP Server is prone to a memory-corruption vulnerability. \nAttackers can exploit this issue to cause to obtain sensitive information or cause denial-of-service conditions. \nVersions prior to Apache httpd 2.2.34 and 2.4.27 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Web Server security and bug fix update\nAdvisory ID: RHSA-2017:3113-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:3113\nIssue date: 2017-11-02\nCVE Names: CVE-2016-2183 CVE-2017-12615 CVE-2017-12617 \n CVE-2017-9788 CVE-2017-9798 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Web Server 2.1.2\nfor RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Enterprise Web Server 2 for RHEL 6 Server - i386, noarch, x86_64\nRed Hat JBoss Enterprise Web Server 2 for RHEL 7 Server - noarch, x86_64\n\n3. \n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. 
\n\nThis release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red\nHat JBoss Web Server 2.1.2. The updates are documented in the Release Notes\ndocument linked to in the References. \n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a\nupdate for Red Hat JBoss Web Server 2, and includes bug fixes, which are\ndocumented in the Release Notes document linked to in the References. \n\nUsers of Red Hat JBoss Web Server 2 should upgrade to these updated\npackages, which resolve several security issues. \n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not\nproperly initialize memory before using it when processing certain headers\nrelated to digest authentication. A remote attacker could possibly use this\nflaw to disclose potentially sensitive information or cause httpd child\nprocess to crash by sending specially crafted requests to a server. \n(CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was\nconfigured with readonly=false and HTTP PUT requests were allowed, an\nattacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was\nconfigured with readonly=false and HTTP PUT requests were allowed, an\nattacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the\nTLS/SSL protocol. A man-in-the-middle attacker could use this flaw to\nrecover some plaintext data by capturing large amounts of encrypted traffic\nbetween TLS/SSL server and client if the communication used a DES/3DES\nbased ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. 
A remote attacker could possibly use this flaw to\ndisclose portions of the server memory, or cause httpd child process to\ncrash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno\nBöck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan\nBhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters of\nCVE-2016-2183. \n\nBug Fix(es):\n\n* Corruption in nodestatsmem in multiple core dumps but in different\nfunctions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated\nassembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)\n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest\n1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)\n1493075 - Unable to load large CRL openssl problem\n1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload\n1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615\n\n6. 
Package List:\n\nRed Hat JBoss Enterprise Web Server 2 for RHEL 6 Server:\n\nSource:\nhttpd-2.2.26-57.ep6.el6.src.rpm\njbcs-httpd24-openssl-1.0.2h-14.jbcs.el6.src.rpm\nmod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6.src.rpm\ntomcat6-6.0.41-19_patch_04.ep6.el6.src.rpm\ntomcat7-7.0.54-28_patch_05.ep6.el6.src.rpm\n\ni386:\nhttpd-2.2.26-57.ep6.el6.i386.rpm\nhttpd-debuginfo-2.2.26-57.ep6.el6.i386.rpm\nhttpd-devel-2.2.26-57.ep6.el6.i386.rpm\nhttpd-manual-2.2.26-57.ep6.el6.i386.rpm\nhttpd-tools-2.2.26-57.ep6.el6.i386.rpm\njbcs-httpd24-openssl-1.0.2h-14.jbcs.el6.i686.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el6.i686.rpm\njbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el6.i686.rpm\njbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el6.i686.rpm\njbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el6.i686.rpm\njbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el6.i686.rpm\nmod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6.i386.rpm\nmod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el6.i386.rpm\nmod_ldap-2.2.26-57.ep6.el6.i386.rpm\nmod_ssl-2.2.26-57.ep6.el6.i386.rpm\n\nnoarch:\ntomcat6-6.0.41-19_patch_04.ep6.el6.noarch.rpm\ntomcat6-admin-webapps-6.0.41-19_patch_04.ep6.el6.noarch.rpm\ntomcat6-docs-webapp-6.0.41-19_patch_04.ep6.el6.noarch.rpm\ntomcat6-el-2.1-api-6.0.41-19_patch_04.ep6.el6.noarch.rpm\ntomcat6-javadoc-6.0.41-19_patch_04.ep6.el6.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.41-19_patch_04.ep6.el6.noarch.rpm\ntomcat6-lib-6.0.41-19_patch_04.ep6.el6.noarch.rpm\ntomcat6-log4j-6.0.41-19_patch_04.ep6.el6.noarch.rpm\ntomcat6-maven-devel-6.0.41-19_patch_04.ep6.el6.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.41-19_patch_04.ep6.el6.noarch.rpm\ntomcat6-webapps-6.0.41-19_patch_04.ep6.el6.noarch.rpm\ntomcat7-7.0.54-28_patch_05.ep6.el6.noarch.rpm\ntomcat7-admin-webapps-7.0.54-28_patch_05.ep6.el6.noarch.rpm\ntomcat7-docs-webapp-7.0.54-28_patch_05.ep6.el6.noarch.rpm\ntomcat7-el-2.2-api-7.0.54-28_patch_05.ep6.el6.noarch.rpm\ntomcat7-javadoc-7.0.54-28_patch_05.ep6.el6.noarch.rpm\ntomcat7-jsp-2.2-api-7.0.54-
28_patch_05.ep6.el6.noarch.rpm\ntomcat7-lib-7.0.54-28_patch_05.ep6.el6.noarch.rpm\ntomcat7-log4j-7.0.54-28_patch_05.ep6.el6.noarch.rpm\ntomcat7-maven-devel-7.0.54-28_patch_05.ep6.el6.noarch.rpm\ntomcat7-servlet-3.0-api-7.0.54-28_patch_05.ep6.el6.noarch.rpm\ntomcat7-webapps-7.0.54-28_patch_05.ep6.el6.noarch.rpm\n\nx86_64:\nhttpd-2.2.26-57.ep6.el6.x86_64.rpm\nhttpd-debuginfo-2.2.26-57.ep6.el6.x86_64.rpm\nhttpd-devel-2.2.26-57.ep6.el6.x86_64.rpm\nhttpd-manual-2.2.26-57.ep6.el6.x86_64.rpm\nhttpd-tools-2.2.26-57.ep6.el6.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-14.jbcs.el6.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el6.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el6.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el6.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el6.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el6.x86_64.rpm\nmod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6.x86_64.rpm\nmod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el6.x86_64.rpm\nmod_ldap-2.2.26-57.ep6.el6.x86_64.rpm\nmod_ssl-2.2.26-57.ep6.el6.x86_64.rpm\n\nRed Hat JBoss Enterprise Web Server 2 for RHEL 7 
Server:\n\nSource:\nhttpd22-2.2.26-58.ep6.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-14.jbcs.el7.src.rpm\nmod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el7.src.rpm\ntomcat6-6.0.41-19_patch_04.ep6.el7.src.rpm\ntomcat7-7.0.54-28_patch_05.ep6.el7.src.rpm\n\nnoarch:\ntomcat6-6.0.41-19_patch_04.ep6.el7.noarch.rpm\ntomcat6-admin-webapps-6.0.41-19_patch_04.ep6.el7.noarch.rpm\ntomcat6-docs-webapp-6.0.41-19_patch_04.ep6.el7.noarch.rpm\ntomcat6-el-2.1-api-6.0.41-19_patch_04.ep6.el7.noarch.rpm\ntomcat6-javadoc-6.0.41-19_patch_04.ep6.el7.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.41-19_patch_04.ep6.el7.noarch.rpm\ntomcat6-lib-6.0.41-19_patch_04.ep6.el7.noarch.rpm\ntomcat6-log4j-6.0.41-19_patch_04.ep6.el7.noarch.rpm\ntomcat6-maven-devel-6.0.41-19_patch_04.ep6.el7.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.41-19_patch_04.ep6.el7.noarch.rpm\ntomcat6-webapps-6.0.41-19_patch_04.ep6.el7.noarch.rpm\ntomcat7-7.0.54-28_patch_05.ep6.el7.noarch.rpm\ntomcat7-admin-webapps-7.0.54-28_patch_05.ep6.el7.noarch.rpm\ntomcat7-docs-webapp-7.0.54-28_patch_05.ep6.el7.noarch.rpm\ntomcat7-el-2.2-api-7.0.54-28_patch_05.ep6.el7.noarch.rpm\ntomcat7-javadoc-7.0.54-28_patch_05.ep6.el7.noarch.rpm\ntomcat7-jsp-2.2-api-7.0.54-28_patch_05.ep6.el7.noarch.rpm\ntomcat7-lib-7.0.54-28_patch_05.ep6.el7.noarch.rpm\ntomcat7-log4j-7.0.54-28_patch_05.ep6.el7.noarch.rpm\ntomcat7-maven-devel-7.0.54-28_patch_05.ep6.el7.noarch.rpm\ntomcat7-servlet-3.0-api-7.0.54-28_patch_05.ep6.el7.noarch.rpm\ntomcat7-webapps-7.0.54-28_patch_05.ep6.el7.noarch.rpm\n\nx86_64:\nhttpd22-2.2.26-58.ep6.el7.x86_64.rpm\nhttpd22-debuginfo-2.2.26-58.ep6.el7.x86_64.rpm\nhttpd22-devel-2.2.26-58.ep6.el7.x86_64.rpm\nhttpd22-manual-2.2.26-58.ep6.el7.x86_64.rpm\nhttpd22-tools-2.2.26-58.ep6.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-14.jb
cs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el7.x86_64.rpm\nmod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el7.x86_64.rpm\nmod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el7.x86_64.rpm\nmod_ldap22-2.2.26-58.ep6.el7.x86_64.rpm\nmod_ssl22-2.2.26-58.ep6.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2183\nhttps://access.redhat.com/security/cve/CVE-2017-12615\nhttps://access.redhat.com/security/cve/CVE-2017-12617\nhttps://access.redhat.com/security/cve/CVE-2017-9788\nhttps://access.redhat.com/security/cve/CVE-2017-9798\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/3227901\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7.2) - ppc64, ppc64le, s390x, x86_64\n\n3. \n(CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to authentication\nbypass. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s ap_find_token()\nfunction. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. (BZ#1508885)\n\n4. The JBoss server\nprocess must be restarted for the update to take effect. 
\n===========================================================================\nUbuntu Security Notice USN-3370-2\nAugust 01, 2017\n\napache2 vulnerability\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nApache HTTP Server could be made to crash or leak sensitive information\nif it received specially crafted network traffic. \n\nOriginal advisory details:\n\nRobert Swiecki discovered that the Apache HTTP Server mod_auth_digest\nmodule incorrectly cleared values when processing certain requests. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n apache2.2-bin 2.2.22-1ubuntu1.13\n\nIn general, a standard system update will make all the necessary\nchanges. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. An httpd module using\nthis API function could consequently allow access that should have been\ndenied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-329 - Unable to load large CRL openssl problem\nJBCS-337 - Errata for httpd 2.4.23 SP2 RHEL 6\n\n7. 
\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update)", "sources": [ { "db": "NVD", "id": "CVE-2017-9788" }, { "db": "BID", "id": "99569" }, { "db": "VULHUB", "id": "VHN-117991" }, { "db": "VULMON", "id": "CVE-2017-9788" }, { "db": "PACKETSTORM", "id": "143358" }, { "db": "PACKETSTORM", "id": "143534" }, { "db": "PACKETSTORM", "id": "144869" }, { "db": "PACKETSTORM", "id": "145017" }, { "db": "PACKETSTORM", "id": "144960" }, { "db": "PACKETSTORM", "id": "145018" }, { "db": "PACKETSTORM", "id": "143615" }, { "db": "PACKETSTORM", "id": "144135" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "PACKETSTORM", "id": "144865" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-9788", "trust": 3.1 }, { "db": "BID", "id": "99569", "trust": 2.0 }, { "db": "TENABLE", "id": "TNS-2019-09", "trust": 1.7 }, { "db": "SECTRACK", "id": "1038906", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201706-931", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "143358", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "143534", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "143615", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-117991", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-9788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144869", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145017", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144960", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145018", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144969", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144865", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-117991" }, { "db": "VULMON", "id": "CVE-2017-9788" }, { "db": "BID", "id": 
"99569" }, { "db": "PACKETSTORM", "id": "143358" }, { "db": "PACKETSTORM", "id": "143534" }, { "db": "PACKETSTORM", "id": "144869" }, { "db": "PACKETSTORM", "id": "145017" }, { "db": "PACKETSTORM", "id": "144960" }, { "db": "PACKETSTORM", "id": "145018" }, { "db": "PACKETSTORM", "id": "143615" }, { "db": "PACKETSTORM", "id": "144135" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "PACKETSTORM", "id": "144865" }, { "db": "CNNVD", "id": "CNNVD-201706-931" }, { "db": "NVD", "id": "CVE-2017-9788" } ] }, "id": "VAR-201707-1241", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-117991" } ], "trust": 0.01 }, "last_update_date": "2024-09-19T21:01:41.120000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89486" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172710 - Security Advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172709 - Security Advisory" }, { "title": "Ubuntu Security Notice: apache2 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3370-2" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172708 - Security 
Advisory" }, { "title": "Debian Security Advisories: DSA-3913-1 apache2 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9fddec113878a445ed8009b9b095457" }, { "title": "Debian CVElist Bug Report Logs: apache2: CVE-2017-9788", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5acf2d8c1512b0afa80a30a349e7a2c3" }, { "title": "Ubuntu Security Notice: apache2 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3370-1" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173240 - Security Advisory" }, { "title": "Red Hat: Important: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173194 - Security Advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173239 - Security Advisory" }, { "title": "Red Hat: Important: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173193 - Security Advisory" }, { "title": "Red Hat: Important: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173195 - Security Advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173113 - Security Advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server security and bug fix update", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173114 - Security Advisory" }, { "title": "Arch Linux Advisories: [ASA-201707-15] apache: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201707-15" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-9788" }, { "title": "Amazon Linux AMI: ALAS-2017-892", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-892" }, { "title": "Symantec Security Advisories: Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=d2f801f4ee4b743c8db2cea35625dd16" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c" }, { "title": "Tenable Security Advisories: [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2019-09" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=549dc795290b298746065b62b4bb7928" }, { "title": "MITRE_NIST", "trust": 0.1, "url": "https://github.com/ColumbusCollaboratory/MITRE_NIST " }, { "title": "tab_pie_external_honggfuzz", "trust": 0.1, "url": "https://github.com/CredenceID/tab_pie_external_honggfuzz " }, { "title": "platform_external_honggfuzz", "trust": 0.1, "url": 
"https://github.com/DennissimOS/platform_external_honggfuzz " }, { "title": "nrich", "trust": 0.1, "url": "https://github.com/retr0-13/nrich " }, { "title": "", "trust": 0.1, "url": "https://github.com/RoseSecurity-Research/Red-Teaming-TTPs " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/khadas/android_external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/bananadroid/android_external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/random-aosp-stuff/android_external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/TheXPerienceProject/android_external_honggfuzz " }, { "title": "honggfuzz_READ", "trust": 0.1, "url": "https://github.com/imbaya2466/honggfuzz_READ " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/ForkLineageOS/external_honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/Wave-Project/external_honggfuzz " }, { "title": "Red-Teaming-TTPs", "trust": 0.1, "url": "https://github.com/RoseSecurity/Red-Teaming-TTPs " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/swordphoenix/external_honggfuzz " }, { "title": "platform_external_honggfuzz", "trust": 0.1, "url": "https://github.com/aosp-caf-upstream/platform_external_honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/crdroid-r/external_honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/yaap/external_honggfuzz " }, { "title": "Shodan-nrich", "trust": 0.1, "url": "https://github.com/PawanKumarPandit/Shodan-nrich " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/TinkerEdgeR-Android/external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/Corvus-R/android_external_honggfuzz " }, { 
"title": "external-honggfuzz", "trust": 0.1, "url": "https://github.com/TinkerBoard2-Android/external-honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/Ozone-OS/external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/StatiXOS/android_external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/crdroidandroid/android_external_honggfuzz " }, { "title": "", "trust": 0.1, "url": "https://github.com/aosp10-public/external_honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/CAF-Extended/external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/jingpad-bsp/android_external_honggfuzz " }, { "title": "", "trust": 0.1, "url": "https://github.com/TinkerBoard-Android/rockchip-android-external-honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/Project-1CE/external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/ProtonAOSP/android_external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/ProtonAOSP-platina/android_external_honggfuzz " }, { "title": "external-honggfuzz", "trust": 0.1, "url": "https://github.com/TinkerBoard-Android/external-honggfuzz " }, { "title": "", "trust": 0.1, "url": "https://github.com/Tomoms/android_external_honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/TinkerBoard2-Android/external_honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/HavocR/external_honggfuzz " }, { "title": "lllnx", "trust": 0.1, "url": "https://github.com/lllnx/lllnx " }, { "title": "", "trust": 0.1, "url": "https://github.com/ep-infosec/50_google_honggfuzz " }, { "title": "TEC-MBSD2017", "trust": 0.1, "url": "https://github.com/keloud/TEC-MBSD2017 " } ], 
"sources": [ { "db": "VULMON", "id": "CVE-2017-9788" }, { "db": "CNNVD", "id": "CNNVD-201706-931" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 }, { "problemtype": "CWE-200", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-117991" }, { "db": "NVD", "id": "CVE-2017-9788" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/99569" }, { "trust": 2.3, "url": "http://www.debian.org/security/2017/dsa-3913" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:2710" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:3113" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:3114" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:3193" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:3195" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:3239" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:3240" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20170911-0002/" }, { "trust": 1.7, "url": "https://support.apple.com/ht208221" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2019-09" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/201710-32" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:2478" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:2479" }, { "trust": 1.7, "url": 
"https://access.redhat.com/errata/rhsa-2017:2483" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:2708" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:2709" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:3194" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1038906" }, { "trust": 1.6, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03908en_us" }, { "trust": 1.1, "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 1.1, "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9788" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3cannounce.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2017-9788" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2017-9798" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9798" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs." 
}, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_24.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3cannounce." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." 
}, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2016-2183" }, { "trust": 0.3, "url": "http://www.apache.org/" }, { "trust": 0.3, "url": "https://httpd.apache.org/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2017/q3/127" }, { "trust": 0.2, "url": "https://www.ubuntu.com/usn/usn-3370-1" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-12617" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-12615" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12615" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/3227901" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12617" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/3229231" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-7679" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-3167" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7679" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3169" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-3169" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3167" }, { "trust": 0.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03908en_us" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3cannounce.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, 
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://httpd.apache.org/security_report.html" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.25-3ubuntu2.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.17" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7668" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7668" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3370-2" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-117991" }, { "db": "BID", "id": "99569" }, { "db": "PACKETSTORM", "id": "143358" }, { "db": "PACKETSTORM", "id": "143534" }, { "db": "PACKETSTORM", "id": "144869" }, { "db": "PACKETSTORM", "id": "145017" }, { "db": "PACKETSTORM", "id": "144960" }, { "db": "PACKETSTORM", "id": "145018" }, { "db": "PACKETSTORM", "id": "143615" }, { "db": "PACKETSTORM", "id": "144135" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "PACKETSTORM", "id": "144865" }, { "db": "CNNVD", "id": "CNNVD-201706-931" }, { "db": "NVD", "id": "CVE-2017-9788" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-117991" }, { "db": "VULMON", "id": "CVE-2017-9788" }, { "db": "BID", "id": "99569" }, { "db": "PACKETSTORM", "id": "143358" }, { "db": "PACKETSTORM", "id": "143534" }, { "db": "PACKETSTORM", "id": "144869" }, { "db": "PACKETSTORM", "id": "145017" }, { "db": "PACKETSTORM", "id": "144960" }, { "db": "PACKETSTORM", "id": "145018" }, { "db": "PACKETSTORM", "id": "143615" }, { "db": "PACKETSTORM", "id": "144135" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "PACKETSTORM", "id": "144865" }, { "db": "CNNVD", "id": "CNNVD-201706-931" }, { "db": "NVD", "id": "CVE-2017-9788" } ] }, "sources_release_date": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-13T00:00:00", "db": "VULHUB", "id": "VHN-117991" }, { "date": "2017-07-13T00:00:00", "db": "VULMON", "id": "CVE-2017-9788" }, { "date": "2017-07-11T00:00:00", "db": "BID", "id": "99569" }, { "date": "2017-07-13T04:44:44", "db": "PACKETSTORM", "id": "143358" }, { "date": "2017-07-27T19:32:22", "db": "PACKETSTORM", "id": "143534" }, { "date": "2017-11-02T23:50:49", "db": "PACKETSTORM", "id": "144869" }, { "date": "2017-11-17T00:10:36", "db": "PACKETSTORM", "id": "145017" }, { "date": "2017-11-13T22:23:00", "db": "PACKETSTORM", "id": "144960" }, { "date": "2017-11-17T00:10:45", "db": "PACKETSTORM", "id": "145018" }, { "date": "2017-08-02T00:26:49", "db": "PACKETSTORM", "id": "143615" }, { "date": "2017-09-14T19:50:50", "db": "PACKETSTORM", "id": "144135" }, { "date": "2017-11-14T04:32:14", "db": "PACKETSTORM", "id": "144969" }, { "date": "2017-11-02T23:39:48", "db": "PACKETSTORM", "id": "144865" }, { "date": "2017-06-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-931" }, { "date": "2017-07-13T16:29:00.227000", "db": "NVD", "id": "CVE-2017-9788" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-15T00:00:00", "db": "VULHUB", "id": "VHN-117991" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2017-9788" }, { "date": "2017-08-16T08:10:00", "db": "BID", "id": "99569" }, { "date": "2021-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-931" }, { "date": "2023-11-07T02:50:52.257000", "db": "NVD", "id": "CVE-2017-9788" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "143534" }, { "db": 
"PACKETSTORM", "id": "144960" }, { "db": "PACKETSTORM", "id": "143615" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "CNNVD", "id": "CNNVD-201706-931" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache httpd Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-931" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-931" } ], "trust": 0.6 } }