ID

VAR-201507-0059


CVE

CVE-2015-0253


TITLE

Apache HTTP Server of server/protocol.c Inside read_request_line Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003797

DESCRIPTION

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apache HTTP Server is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause an affected application to crash, resulting in a denial-of-service condition. The server is fast, reliable and extensible through a simple API. The vulnerability is caused by the fact that the program does not initialize the structure members. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd24-httpd security update Advisory ID: RHSA-2015:1666-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1666.html Issue date: 2015-08-24 CVE Names: CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 ===================================================================== 1. Summary: Updated httpd24-httpd packages that fix multiple security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183) It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185) Note: This update introduces new a new API function, ap_some_authn_required(), which correctly indicates if a request is authenticated. External httpd modules using the old API function should be modified to use the new one to completely resolve this issue. A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. A remote attacker could send a specially crafted WebSocket Ping packet that would cause the httpd child process to crash. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error. (CVE-2015-0253) All httpd24-httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5): Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0228 https://access.redhat.com/security/cve/CVE-2015-0253 https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3185 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV22bPXlSAg2UNWIIRAmm2AKCI6AByn1Zlj/2R8aLKFD4hZno5VgCfcx8H y5DWl0MjeqKeAOHiddwyDdU= =yzQP -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-16-4 OS X Server 5.0.3 OS X Server 5.0.3 is now available and addresses the following: apache Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in Apache, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These issues were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2013-5704 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 BIND Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in BIND, the most severe of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7. These issues were addressed by updating BIND to version 9.9.7. CVE-ID CVE-2014-8500 CVE-2015-1349 PostgreSQL Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PostgreSQL versions prior to 9.3.9. These issues were addressed by updating PostgreSQL to version 9.3.9. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 Wiki Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple XML security issues in Wiki Server Description: Multiple XML vulnerabilities existed in Wiki Server based on Twisted. This issue was addressed by removing Twisted. CVE-ID CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research Center OS X Server 5.0.3 may be obtained from the Mac App Store. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.16-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issues: * CVE-2015-0253: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. * CVE-2015-3183: core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. * CVE-2015-3185: Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) with new ap_some_authn_required and ap_force_authn hook. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.16-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.16-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.16-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.16-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.16-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.16-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: d78c9925e69ba6ce14d67fb67245981b httpd-2.4.16-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 1370e3c7e135bf07b65e73049099a942 httpd-2.4.16-x86_64-1_slack14.0.txz Slackware 14.1 package: ea116c45bba8c80f59cfe0394a8f87fa httpd-2.4.16-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 8b5b1caa1fa203b07b529f77834fac16 httpd-2.4.16-x86_64-1_slack14.1.txz Slackware -current package: 01ccb961f17bd14c1d157892af4c9f1d n/httpd-2.4.16-i586-1.txz Slackware x86_64 -current package: 70a6644de3585007861e57cf08608843 n/httpd-2.4.16-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg httpd-2.4.16-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Trust: 2.34

sources: NVD: CVE-2015-0253 // JVNDB: JVNDB-2015-003797 // BID: 75964 // VULHUB: VHN-78199 // VULMON: CVE-2015-0253 // PACKETSTORM: 133281 // PACKETSTORM: 133619 // PACKETSTORM: 132743

AFFECTED PRODUCTS

vendor:apachemodel:http serverscope:eqversion:2.4.12

Trust: 1.8

vendor:oraclemodel:solarisscope:eqversion:11.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.10.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:5.0.3

Trust: 1.0

vendor:oraclemodel:linuxscope:eqversion:7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10 to 10.10.4

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:applemodel:macos serverscope:ltversion:5.0.3 (os x yosemite v10.10.5 or later )

Trust: 0.8

vendor:oraclemodel:linuxscope:eqversion:7.0

Trust: 0.6

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

sources: BID: 75964 // JVNDB: JVNDB-2015-003797 // CNNVD: CNNVD-201507-656 // NVD: CVE-2015-0253

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0253
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0253
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-656
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78199
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-0253
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0253
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-78199
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78199 // VULMON: CVE-2015-0253 // JVNDB: JVNDB-2015-003797 // CNNVD: CNNVD-201507-656 // NVD: CVE-2015-0253

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-003797 // NVD: CVE-2015-0253

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 133281 // CNNVD: CNNVD-201507-656

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201507-656

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003797

PATCH

title:Fixed in Apache httpd 2.4.16url:http://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.8

title:APPLE-SA-2015-09-16-4 OS X Server 5.0.3url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

Trust: 0.8

title:APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006url:http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Trust: 0.8

title:HT205219url:https://support.apple.com/en-us/HT205219

Trust: 0.8

title:HT205031url:http://support.apple.com/en-us/HT205031

Trust: 0.8

title:HT205031url:http://support.apple.com/ja-jp/HT205031

Trust: 0.8

title:HT205219url:http://support.apple.com/ja-jp/HT205219

Trust: 0.8

title:Bug 57531url:https://bz.apache.org/bugzilla/show_bug.cgi?id=57531

Trust: 0.8

title:Changes with Apache 2.4.13url:http://www.apache.org/dist/httpd/CHANGES_2.4

Trust: 0.8

title:*) SECURITY: CVE-2015-0253 (cve.mitre.org)url:https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb

Trust: 0.8

title:Oracle Solaris Third Party Bulletin - October 2015url:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Trust: 0.8

title:TLSA-2015-17url:http://www.turbolinux.co.jp/security/2015/TLSA-2015-17j.html

Trust: 0.8

title:server-protocol.curl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57083

Trust: 0.6

title:Red Hat: CVE-2015-0253url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-0253

Trust: 0.1

title:Brocade Security Advisories: BSA-2017-497url:https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=59455104847d943f738f9d5b0fd958f6

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-579url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-579

Trust: 0.1

title:Apple: OS X Server v5.0.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e856ca3528e3f20edc6e25428c85c101

Trust: 0.1

title:Apple: OS X Yosemite v10.10.5 and Security Update 2015-006url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=9834d0d73bf28fb80d3390930bafd906

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=8ad80411af3e936eb2998df70506cc71

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=92308e3c4d305e91c2eba8c9c6835e83

Trust: 0.1

sources: VULMON: CVE-2015-0253 // JVNDB: JVNDB-2015-003797 // CNNVD: CNNVD-201507-656

EXTERNAL IDS

db:NVDid:CVE-2015-0253

Trust: 3.2

db:BIDid:75964

Trust: 2.1

db:SECTRACKid:1032967

Trust: 1.8

db:JVNid:JVNVU99970459

Trust: 0.8

db:JVNDBid:JVNDB-2015-003797

Trust: 0.8

db:CNNVDid:CNNVD-201507-656

Trust: 0.7

db:VULHUBid:VHN-78199

Trust: 0.1

db:VULMONid:CVE-2015-0253

Trust: 0.1

db:PACKETSTORMid:133281

Trust: 0.1

db:PACKETSTORMid:133619

Trust: 0.1

db:PACKETSTORMid:132743

Trust: 0.1

sources: VULHUB: VHN-78199 // VULMON: CVE-2015-0253 // BID: 75964 // JVNDB: JVNDB-2015-003797 // PACKETSTORM: 133281 // PACKETSTORM: 133619 // PACKETSTORM: 132743 // CNNVD: CNNVD-201507-656 // NVD: CVE-2015-0253

REFERENCES

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Trust: 2.1

url:http://www.securityfocus.com/bid/75964

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2015-1666.html

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Trust: 1.8

url:https://bz.apache.org/bugzilla/show_bug.cgi?id=57531

Trust: 1.8

url:https://support.apple.com/ht205219

Trust: 1.8

url:https://support.apple.com/kb/ht205031

Trust: 1.8

url:http://www.securitytracker.com/id/1032967

Trust: 1.8

url:http://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.5

url:http://www.apache.org/dist/httpd/changes_2.4

Trust: 1.5

url:https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb

Trust: 1.2

url:https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3

Trust: 1.2

url:https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0253

Trust: 0.9

url:http://jvn.jp/vu/jvnvu99970459/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0253

Trust: 0.8

url:httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.6

url:http://

Trust: 0.6

url:httpd.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.

Trust: 0.6

url:httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb

Trust: 0.6

url:https://github.com/apache/

Trust: 0.6

url:https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.

Trust: 0.6

url:httpd/changes_2.4

Trust: 0.6

url:http://www.apache.org/dist/

Trust: 0.6

url:https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.

Trust: 0.6

url:httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3

Trust: 0.6

url:https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3ccvs.

Trust: 0.6

url:http://httpd.apache.org/

Trust: 0.3

url:http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-3183

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-3185

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-0228

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-0253

Trust: 0.3

url:https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0253

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3185

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3183

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8109

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3583

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8161

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0242

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0241

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0243

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1349

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3581

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5911

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3166

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3165

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0067

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5704

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3167

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0244

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3183

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0228

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3185

Trust: 0.1

sources: VULHUB: VHN-78199 // VULMON: CVE-2015-0253 // BID: 75964 // JVNDB: JVNDB-2015-003797 // PACKETSTORM: 133281 // PACKETSTORM: 133619 // PACKETSTORM: 132743 // CNNVD: CNNVD-201507-656 // NVD: CVE-2015-0253

CREDITS

Yann Ylavic

Trust: 0.3

sources: BID: 75964

SOURCES

db:VULHUBid:VHN-78199
db:VULMONid:CVE-2015-0253
db:BIDid:75964
db:JVNDBid:JVNDB-2015-003797
db:PACKETSTORMid:133281
db:PACKETSTORMid:133619
db:PACKETSTORMid:132743
db:CNNVDid:CNNVD-201507-656
db:NVDid:CVE-2015-0253

LAST UPDATE DATE

2024-11-23T20:43:24.415000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-78199date:2020-10-27T00:00:00
db:VULMONid:CVE-2015-0253date:2021-06-06T00:00:00
db:BIDid:75964date:2016-07-05T21:28:00
db:JVNDBid:JVNDB-2015-003797date:2015-10-30T00:00:00
db:CNNVDid:CNNVD-201507-656date:2021-08-12T00:00:00
db:NVDid:CVE-2015-0253date:2024-11-21T02:22:39.610

SOURCES RELEASE DATE

db:VULHUBid:VHN-78199date:2015-07-20T00:00:00
db:VULMONid:CVE-2015-0253date:2015-07-20T00:00:00
db:BIDid:75964date:2015-07-15T00:00:00
db:JVNDBid:JVNDB-2015-003797date:2015-07-22T00:00:00
db:PACKETSTORMid:133281date:2015-08-24T22:06:47
db:PACKETSTORMid:133619date:2015-09-19T15:37:27
db:PACKETSTORMid:132743date:2015-07-20T15:45:36
db:CNNVDid:CNNVD-201507-656date:2015-07-21T00:00:00
db:NVDid:CVE-2015-0253date:2015-07-20T23:59:00.067