ID

VAR-201707-0556


CVE

CVE-2016-8743


TITLE

Cosminexus HTTP Server and Hitachi Web Server Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2016-008607

DESCRIPTION

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. Cosminexus HTTP Server and Hitachi Web Server are affected by this vulnerability (CVE-2016-8743). It may have an unspecified impact. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks.

This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

Security Fix(es):

* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-2161)
* A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-7056)
* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. (CVE-2016-8740)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/httpd-2.4.25-i586-1_slack14.2.txz: Upgraded.
This update fixes the following security issues:

* CVE-2016-8740: mod_http2: Mitigate DoS memory exhaustion via endless CONTINUATION frames.
* CVE-2016-5387: core: Mitigate [f]cgi "httpoxy" issues.
* CVE-2016-2161: mod_auth_digest: Prevent segfaults during client entry allocation when the shared memory space is exhausted.
* CVE-2016-8743: Enforce HTTP request grammar corresponding to RFC7230 for request lines and request headers, to prevent response splitting and cache pollution by malicious clients or downstream proxies.

For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.25-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.25-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.25-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.25-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/httpd-2.4.25-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/httpd-2.4.25-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.25-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.25-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
# upgradepkg httpd-2.4.25-i586-1_slack14.2.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

Ubuntu Security Notice USN-3373-1
July 31, 2017

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-7668)

ChenQin and Hanno Böck discovered that the Apache mod_mime module incorrectly handled certain Content-Type response headers. A new configuration option "HttpProtocolOptions Unsafe" can be used to revert to the previous unsafe behaviour in problematic environments.
(CVE-2016-8743)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM:
  apache2.2-bin 2.2.22-1ubuntu1.12

In general, a standard system update will make all the necessary changes.

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03753en_us
Version: 1

HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-09-26
Last Updated: 2017-09-26

Potential Security Impact: Local: Denial of Service (DoS), Elevation of Privilege, Execution of Arbitrary Code; Remote: Authentication Bypass, Cross-Site Scripting (XSS), Denial of Service (DoS), Disclosure of Sensitive Information, Execution of Arbitrary Code

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY

Several potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Cross-site scripting, local and remote Denial of Service, local and remote execution of arbitrary code, local elevation of privilege and local unqualified configuration change.
References:

- CVE-2017-12544 - Cross-site Scripting (XSS)
- CVE-2017-12545 - Denial of Service (DoS)
- CVE-2017-12546 - Buffer overflow
- CVE-2016-8743 - Remote Disclosure of Information
- CVE-2017-12547 - Arbitrary command execution
- CVE-2017-12548 - Arbitrary command execution
- CVE-2017-12549 - Authentication bypass
- CVE-2017-12550 - Security Misconfiguration
- CVE-2017-12551 - Arbitrary execution of commands
- CVE-2017-12552 - Arbitrary execution of commands
- CVE-2017-12553 - Authentication bypass

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

- HP System Management Homepage Software prior to 7.6.1

BACKGROUND

CVSS Base Metrics

Reference        CVSS V3 Score/Vector                                  CVSS V2 Score/Vector
CVE-2016-8743    7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE-2017-12544   5.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N      6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)
CVE-2017-12545   7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H      7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2017-12546   5.6 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N      5.5 (AV:L/AC:H/Au:S/C:C/I:C/A:N)
CVE-2017-12547   5.6 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H      5.5 (AV:L/AC:H/Au:S/C:N/I:C/A:C)
CVE-2017-12548   5.6 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H      5.5 (AV:L/AC:H/Au:S/C:N/I:C/A:C)
CVE-2017-12549   5.6 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H      5.5 (AV:L/AC:H/Au:S/C:C/I:C/A:N)
CVE-2017-12550   5.6 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H      5.5 (AV:L/AC:H/Au:S/C:N/I:C/A:C)
CVE-2017-12551   5.6 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H      5.5 (AV:L/AC:H/Au:S/C:N/I:C/A:C)
CVE-2017-12552   5.6 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H      5.5 (AV:L/AC:H/Au:S/C:N/I:C/A:C)
CVE-2017-12553   5.6 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N      5.5 (AV:L/AC:H/Au:S/C:C/I:C/A:N)

Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates available to resolve the vulnerabilities for the impacted versions of HPE System Management Homepage (SMH). Please download the latest version of System Management Homepage (SMH) v7.6.1 from the following location: <https://www.hpe.com/info/smh>

HISTORY

Version:1 (rev.1) - 26 September 2017 Initial release
Red Hat Security Advisory

Synopsis: Moderate: httpd security and bug fix update
Advisory ID: RHSA-2017:0906-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:0906
Issue date: 2017-04-12
CVE Names: CVE-2016-0736 CVE-2016-2161 CVE-2016-8743

1. Summary:

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Security Fix(es):

* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)
* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)
* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)

Note: The fix for the CVE-2016-8743 issue causes httpd to return "400 Bad Request" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive "HttpProtocolOptions Unsafe" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.

Bug Fix(es):

* When waking up child processes during a graceful restart, the httpd parent process could attempt to open more connections than necessary if a large number of child processes had been active prior to the restart. Consequently, a graceful restart could take a long time to complete.
  With this update, httpd has been fixed to limit the number of connections opened during a graceful restart to the number of active children, and the described problem no longer occurs. (BZ#1420002)
* Previously, httpd running in a container returned the 500 HTTP status code (Internal Server Error) when a connection to a WebSocket server was closed. As a consequence, the httpd server failed to deliver the correct HTTP status and data to a client. With this update, httpd correctly handles all proxied requests to the WebSocket server, and the described problem no longer occurs. (BZ#1429947)
* In a configuration using LDAP authentication with the mod_authnz_ldap module, the name set using the AuthLDAPBindDN directive was not correctly used to bind to the LDAP server for all queries. Consequently, authorization attempts failed. The LDAP modules have been fixed to ensure the configured name is correctly bound for LDAP queries, and authorization using LDAP no longer fails. (BZ#1420047)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto
1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest
1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects
1420002 - Backport fix for issue with graceful restart taking very long time sometimes
1420047 - AuthLDAPBindDN might not be used for some LDAP searches causing LDAP authz failures
1429947 - Backport: mod_proxy_wstunnel - AH02447: err/hup on backconn

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
httpd-2.4.6-45.el7_3.4.src.rpm

noarch:
httpd-manual-2.4.6-45.el7_3.4.noarch.rpm

x86_64:
httpd-2.4.6-45.el7_3.4.x86_64.rpm
httpd-debuginfo-2.4.6-45.el7_3.4.x86_64.rpm
httpd-devel-2.4.6-45.el7_3.4.x86_64.rpm
httpd-tools-2.4.6-45.el7_3.4.x86_64.rpm
mod_ldap-2.4.6-45.el7_3.4.x86_64.rpm
mod_proxy_html-2.4.6-45.el7_3.4.x86_64.rpm
mod_session-2.4.6-45.el7_3.4.x86_64.rpm
mod_ssl-2.4.6-45.el7_3.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
httpd-2.4.6-45.el7_3.4.src.rpm

noarch:
httpd-manual-2.4.6-45.el7_3.4.noarch.rpm

x86_64:
httpd-2.4.6-45.el7_3.4.x86_64.rpm
httpd-debuginfo-2.4.6-45.el7_3.4.x86_64.rpm
httpd-devel-2.4.6-45.el7_3.4.x86_64.rpm
httpd-tools-2.4.6-45.el7_3.4.x86_64.rpm
mod_ldap-2.4.6-45.el7_3.4.x86_64.rpm
mod_proxy_html-2.4.6-45.el7_3.4.x86_64.rpm
mod_session-2.4.6-45.el7_3.4.x86_64.rpm
mod_ssl-2.4.6-45.el7_3.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
httpd-2.4.6-45.el7_3.4.src.rpm

aarch64:
httpd-2.4.6-45.el7_3.4.aarch64.rpm
httpd-debuginfo-2.4.6-45.el7_3.4.aarch64.rpm
httpd-devel-2.4.6-45.el7_3.4.aarch64.rpm
httpd-tools-2.4.6-45.el7_3.4.aarch64.rpm
mod_ssl-2.4.6-45.el7_3.4.aarch64.rpm

noarch:
httpd-manual-2.4.6-45.el7_3.4.noarch.rpm

ppc64:
httpd-2.4.6-45.el7_3.4.ppc64.rpm
httpd-debuginfo-2.4.6-45.el7_3.4.ppc64.rpm
httpd-devel-2.4.6-45.el7_3.4.ppc64.rpm
httpd-tools-2.4.6-45.el7_3.4.ppc64.rpm
mod_ssl-2.4.6-45.el7_3.4.ppc64.rpm

ppc64le:
httpd-2.4.6-45.el7_3.4.ppc64le.rpm
httpd-debuginfo-2.4.6-45.el7_3.4.ppc64le.rpm
httpd-devel-2.4.6-45.el7_3.4.ppc64le.rpm
httpd-tools-2.4.6-45.el7_3.4.ppc64le.rpm
mod_ssl-2.4.6-45.el7_3.4.ppc64le.rpm

s390x:
httpd-2.4.6-45.el7_3.4.s390x.rpm
httpd-debuginfo-2.4.6-45.el7_3.4.s390x.rpm
httpd-devel-2.4.6-45.el7_3.4.s390x.rpm
httpd-tools-2.4.6-45.el7_3.4.s390x.rpm
mod_ssl-2.4.6-45.el7_3.4.s390x.rpm

x86_64:
httpd-2.4.6-45.el7_3.4.x86_64.rpm
httpd-debuginfo-2.4.6-45.el7_3.4.x86_64.rpm
httpd-devel-2.4.6-45.el7_3.4.x86_64.rpm
httpd-tools-2.4.6-45.el7_3.4.x86_64.rpm
mod_ssl-2.4.6-45.el7_3.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
httpd-debuginfo-2.4.6-45.el7_3.4.aarch64.rpm
mod_ldap-2.4.6-45.el7_3.4.aarch64.rpm
mod_proxy_html-2.4.6-45.el7_3.4.aarch64.rpm
mod_session-2.4.6-45.el7_3.4.aarch64.rpm

ppc64:
httpd-debuginfo-2.4.6-45.el7_3.4.ppc64.rpm
mod_ldap-2.4.6-45.el7_3.4.ppc64.rpm
mod_proxy_html-2.4.6-45.el7_3.4.ppc64.rpm
mod_session-2.4.6-45.el7_3.4.ppc64.rpm

ppc64le:
httpd-debuginfo-2.4.6-45.el7_3.4.ppc64le.rpm
mod_ldap-2.4.6-45.el7_3.4.ppc64le.rpm
mod_proxy_html-2.4.6-45.el7_3.4.ppc64le.rpm
mod_session-2.4.6-45.el7_3.4.ppc64le.rpm

s390x:
httpd-debuginfo-2.4.6-45.el7_3.4.s390x.rpm
mod_ldap-2.4.6-45.el7_3.4.s390x.rpm
mod_proxy_html-2.4.6-45.el7_3.4.s390x.rpm
mod_session-2.4.6-45.el7_3.4.s390x.rpm

x86_64:
httpd-debuginfo-2.4.6-45.el7_3.4.x86_64.rpm
mod_ldap-2.4.6-45.el7_3.4.x86_64.rpm
mod_proxy_html-2.4.6-45.el7_3.4.x86_64.rpm
mod_session-2.4.6-45.el7_3.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
httpd-2.4.6-45.el7_3.4.src.rpm

noarch:
httpd-manual-2.4.6-45.el7_3.4.noarch.rpm

x86_64:
httpd-2.4.6-45.el7_3.4.x86_64.rpm
httpd-debuginfo-2.4.6-45.el7_3.4.x86_64.rpm
httpd-devel-2.4.6-45.el7_3.4.x86_64.rpm
httpd-tools-2.4.6-45.el7_3.4.x86_64.rpm
mod_ssl-2.4.6-45.el7_3.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
httpd-debuginfo-2.4.6-45.el7_3.4.x86_64.rpm
mod_ldap-2.4.6-45.el7_3.4.x86_64.rpm
mod_proxy_html-2.4.6-45.el7_3.4.x86_64.rpm
mod_session-2.4.6-45.el7_3.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0736
https://access.redhat.com/security/cve/CVE-2016-2161
https://access.redhat.com/security/cve/CVE-2016-8743
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

3. The httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number of bug fixes and enhancements over the previous version. For detailed changes, see the Red Hat Software Collections 2.4 Release Notes linked from the References section. (CVE-2016-0736)

* A denial of service flaw was found in httpd's mod_http2 module. A remote attacker could use this flaw to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams.
* A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740)

4

Trust: 2.52

sources: NVD: CVE-2016-8743 // JVNDB: JVNDB-2016-008607 // BID: 95077 // VULMON: CVE-2016-8743 // PACKETSTORM: 142847 // PACKETSTORM: 140273 // PACKETSTORM: 143561 // PACKETSTORM: 144489 // PACKETSTORM: 142111 // PACKETSTORM: 142326

AFFECTED PRODUCTS

vendor: redhat | model: enterprise linux eus | scope: eq | version: 7.3 | Trust: 1.0
vendor: redhat | model: enterprise linux server tus | scope: eq | version: 7.7 | Trust: 1.0
vendor: debian | model: linux | scope: eq | version: 8.0 | Trust: 1.0
vendor: netapp | model: clustered data ontap | scope: eq | version: - | Trust: 1.0
vendor: redhat | model: enterprise linux workstation | scope: eq | version: 6.0 | Trust: 1.0
vendor: redhat | model: enterprise linux desktop | scope: eq | version: 7.0 | Trust: 1.0
vendor: apache | model: http server | scope: lte | version: 2.4.23 | Trust: 1.0
vendor: apache | model: http server | scope: lte | version: 2.2.31 | Trust: 1.0
vendor: redhat | model: enterprise linux eus | scope: eq | version: 7.7 | Trust: 1.0
vendor: redhat | model: enterprise linux server aus | scope: eq | version: 7.4 | Trust: 1.0
vendor: redhat | model: enterprise linux desktop | scope: eq | version: 6.0 | Trust: 1.0
vendor: redhat | model: enterprise linux server aus | scope: eq | version: 7.6 | Trust: 1.0
vendor: apache | model: http server | scope: gte | version: 2.4.1 | Trust: 1.0
vendor: redhat | model: enterprise linux server aus | scope: eq | version: 7.3 | Trust: 1.0
vendor: redhat | model: enterprise linux server | scope: eq | version: 7.0 | Trust: 1.0
vendor: redhat | model: enterprise linux server tus | scope: eq | version: 7.6 | Trust: 1.0
vendor: redhat | model: jboss core services | scope: eq | version: 1.0 | Trust: 1.0
vendor: apache | model: http server | scope: gte | version: 2.2.0 | Trust: 1.0
vendor: redhat | model: enterprise linux server tus | scope: eq | version: 7.3 | Trust: 1.0
vendor: redhat | model: enterprise linux workstation | scope: eq | version: 7.0 | Trust: 1.0
vendor: redhat | model: enterprise linux server | scope: eq | version: 6.0 | Trust: 1.0
vendor: redhat | model: enterprise linux eus | scope: eq | version: 7.4 | Trust: 1.0
vendor: redhat | model: enterprise linux server aus | scope: eq | version: 7.7 | Trust: 1.0
vendor: redhat | model: enterprise linux eus | scope: eq | version: 7.6 | Trust: 1.0
vendor: redhat | model: enterprise linux eus | scope: eq | version: 7.5 | Trust: 1.0
vendor: debian | model: linux | scope: eq | version: 9.0 | Trust: 1.0
vendor: netapp | model: oncommand unified manager | scope: eq | version: - | Trust: 1.0
vendor: NEC | model: webotx | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: hitachi it operations director | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: jp1/integrated management | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: ucosminexus developer | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: jp1/service support | scope: - | version: - | Trust: 0.8
vendor: NEC | model: istorage | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: ucosminexus service architect | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: hitachi application server | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: jp1/operations analytics | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: jp1/it desktop management - manager | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: jp1/it desktop management | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: ucosminexus primary server | scope: - | version: - | Trust: 0.8
vendor: NEC | model: simpwright | scope: - | version: - | Trust: 0.8
vendor: NEC | model: spoolserver series | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: ucosminexus developer light | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: job management partner 1/it desktop management | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: cosminexus http server | scope: - | version: - | Trust: 0.8
vendor: NEC | model: mailshooter | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: ucosminexus developer standard | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: ucosminexus application server standard | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: ucosminexus application server enterprise | scope: - | version: - | Trust: 0.8
vendor: NEC | model: csview | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: job management partner 1/performance management - web console | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: jp1/automatic job management system 3 | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: hitachi application server for developers | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: ucosminexus service platform | scope: - | version: - | Trust: 0.8
vendor: apache | model: http server | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: job management partner 1/it desktop management - manager | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: ucosminexus application server smart edition | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: job management partner 1/integrated management | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: ucosminexus application server | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: jp1/automatic operation | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: jp1/performance management | scope: - | version: - | Trust: 0.8
vendor: Hitachi | model: hitachi web server | scope: - | version: - | Trust: 0.8
vendor: apache | model: http server | scope: eq | version: 2.4.9 | Trust: 0.6
vendor: apache | model: http server | scope: eq | version: 2.4.16 | Trust: 0.6
vendor: apache | model: http server | scope: eq | version: 2.4.6 | Trust: 0.6
vendor: apache | model: http server | scope: eq | version: 2.4.17 | Trust: 0.6
vendor: apache | model: http server | scope: eq | version: 2.4.10 | Trust: 0.6
vendor: apache | model: http server | scope: eq | version: 2.4.12 | Trust: 0.6
vendor: apache | model: http server | scope: eq | version: 2.4.7 | Trust: 0.6
vendor: apache | model: http server | scope: eq | version: 2.4.18 | Trust: 0.6
vendor: apache | model: http server | scope: eq | version: 2.4.20 | Trust: 0.6
vendor: apache | model: http server | scope: eq | version: 2.4.23 | Trust: 0.6
vendor: hp | model: system management homepage | scope: eq | version: 6.3.1 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.1.10.186 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 7.4.1 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.0 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.4.20 | Trust: 0.3
vendor: redhat | model: enterprise linux computenode optional | scope: eq | version: 7 | Trust: 0.3
vendor: oracle | model: linux | scope: eq | version: 6 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.1.15-210 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.2.6 | Trust: 0.3
vendor: debian | model: linux arm | scope: eq | version: 6.0 | Trust: 0.3
vendor: debian | model: linux ia-64 | scope: eq | version: 6.0 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.32 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.29 | Trust: 0.3
vendor: oracle | model: linux | scope: eq | version: 7 | Trust: 0.3
vendor: apache | model: apache | scope: ne | version: 2.4.25 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.10 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.6 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.3.14 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.2.9.1 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.5 | Trust: 0.3
vendor: redhat | model: enterprise linux server | scope: eq | version: 7 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.1.5.146 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.16 | Trust: 0.3
vendor: redhat | model: jboss core services on rhel server | scope: eq | version: 60 | Trust: 0.3
vendor: redhat | model: enterprise linux server optional | scope: eq | version: 7 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.4.3 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 7.0 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.1.5 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.12 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.1.2 | Trust: 0.3
vendor: apple | model: security update el capitan | scope: ne | version: 2017-0010 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.4.9 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.4.5 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.3.11 | Trust: 0.3
vendor: redhat | model: enterprise linux client optional | scope: eq | version: 7 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.4.16 | Trust: 0.3
vendor: redhat | model: enterprise linux workstation | scope: eq | version: 7 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.3.15 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 7.5 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.3 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.3 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.1.7 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.3.1 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.1.2.127 | Trust: 0.3
vendor: apple | model: macos | scope: ne | version: 10.12.4 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.0.2.106 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 3.0.0 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.3.12 | Trust: 0.3
vendor: debian | model: linux sparc | scope: eq | version: 6.0 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.1.8.179 | Trust: 0.3
vendor: redhat | model: enterprise linux workstation optional | scope: eq | version: 7 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.3.8 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.4.2 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.17 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.4.0 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.4.1 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 2.1.14.20 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 7.5.5 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 7.6 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 3.0.2.77 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.21 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.1 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.4.4 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.20 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 7.5.4 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 3.0.1-73 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.3.16 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.22 | Trust: 0.3
vendor: hp | model: system management homepage | scope: eq | version: 6.2.27 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.13 | Trust: 0.3
vendor: redhat | model: jboss core services on rhel server | scope: eq | version: 70 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.4.8 | Trust: 0.3
vendor: centos | model: centos | scope: eq | version: 7 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.4.11 | Trust: 0.3
vendor: oracle | model: enterprise linux | scope: eq | version: 7 | Trust: 0.3
vendor: gentoo | model: linux | scope: - | version: - | Trust: 0.3
vendor: debian | model: linux amd64 | scope: eq | version: 6.0 | Trust: 0.3
vendor: apache | model: apache | scope: eq | version: 2.2.24 | Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.12

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.3.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.6.156

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.15

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.2

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.10

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.3.4

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.23

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.18

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.9

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.23

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.19

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.14

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.6

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.14

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.24

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.17

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.4

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.3.5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.0.121

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.2

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.7

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.26

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.18

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.3.7

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.8

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.0.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.4.143

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.15210

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.64

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.4

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.11

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.3.3

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.3.13

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.19

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.2.8

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:security update yosemitescope:neversion:2017-0010

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.3.132

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.13

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.0.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.8

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.25

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.15

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.3.6

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2.0-12

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.3.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.6.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.9

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.0.1.104

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.6

Trust: 0.3

sources: BID: 95077 // JVNDB: JVNDB-2016-008607 // CNNVD: CNNVD-201612-648 // NVD: CVE-2016-8743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8743
value: HIGH

Trust: 1.0

VENDOR: JVNDB-2016-008607
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201612-648
value: HIGH

Trust: 0.6

VULMON: CVE-2016-8743
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8743
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VENDOR: JVNDB-2016-008607
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2016-8743
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

VENDOR: JVNDB-2016-008607
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2016-8743 // JVNDB: JVNDB-2016-008607 // CNNVD: CNNVD-201612-648 // NVD: CVE-2016-8743

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Data processing (CWE-19) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2016-008607 // NVD: CVE-2016-8743

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 142111 // CNNVD: CNNVD-201612-648

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201612-648

PATCH

title:hitachi-sec-2018-103url:https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743

Trust: 0.8

title:Apache httpd Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66668

Trust: 0.6

title:Red Hat: Moderate: httpd security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171721 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: httpd security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170906 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: httpd24-httpd security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171161 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171414 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171415 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171413 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-851url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-851

Trust: 0.1

title:Debian Security Advisories: DSA-3796-1 apache2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0cabff5d756c97f9d71c1cafff6a8acc

Trust: 0.1

title:Ubuntu Security Notice: apache2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3279-1

Trust: 0.1

title:Ubuntu Security Notice: apache2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3373-1

Trust: 0.1

title:Debian CVElist Bug Report Logs: apache2: CVE-2016-8740: server memory can be exhausted and service denied when HTTP/2 is usedurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=d7fc65c11d6c61493afd8cf310064550

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-785url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-785

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-863url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-863

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a2bac27fb002bed513645d4775c7275b

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controllerurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=38227211accce022b0a3d9b56a974186

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=549dc795290b298746065b62b4bb7928

Trust: 0.1

title:Tenable Security Advisories: [R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2017-04

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - April 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - April 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=d78b3379ca364568964f30138964c7e7

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2016-8743

Trust: 0.1

title:DC-3-Vulnhub-Walkthroughurl:https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough

Trust: 0.1

title:DC-2-Vulnhub-Walkthroughurl:https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough

Trust: 0.1

title:Basic-Pentesting-2-Vulnhub-Walkthroughurl:https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough

Trust: 0.1

title: - url:https://github.com/bioly230/THM_Skynet

Trust: 0.1

title:Basic-Pentesting-2url:https://github.com/vshaliii/Basic-Pentesting-2

Trust: 0.1

title: - url:https://github.com/NikulinMS/13-01-hw

Trust: 0.1

sources: VULMON: CVE-2016-8743 // JVNDB: JVNDB-2016-008607 // CNNVD: CNNVD-201612-648

EXTERNAL IDS

db:NVDid:CVE-2016-8743

Trust: 4.2

db:BIDid:95077

Trust: 1.9

db:SECTRACKid:1037508

Trust: 1.6

db:TENABLEid:TNS-2017-04

Trust: 1.6

db:JVNid:JVNVU99304449

Trust: 0.8

db:JVNDBid:JVNDB-2016-008607

Trust: 0.8

db:AUSCERTid:ESB-2019.4748

Trust: 0.6

db:AUSCERTid:ESB-2019.1415

Trust: 0.6

db:CNNVDid:CNNVD-201612-648

Trust: 0.6

db:VULMONid:CVE-2016-8743

Trust: 0.1

db:PACKETSTORMid:142847

Trust: 0.1

db:PACKETSTORMid:140273

Trust: 0.1

db:PACKETSTORMid:143561

Trust: 0.1

db:PACKETSTORMid:144489

Trust: 0.1

db:PACKETSTORMid:142111

Trust: 0.1

db:PACKETSTORMid:142326

Trust: 0.1

sources: VULMON: CVE-2016-8743 // BID: 95077 // JVNDB: JVNDB-2016-008607 // PACKETSTORM: 142847 // PACKETSTORM: 140273 // PACKETSTORM: 143561 // PACKETSTORM: 144489 // PACKETSTORM: 142111 // PACKETSTORM: 142326 // CNNVD: CNNVD-201612-648 // NVD: CVE-2016-8743

REFERENCES

url:http://rhn.redhat.com/errata/rhsa-2017-1415.html

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2017:0906

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2017:1161

Trust: 1.7

url:https://support.apple.com/ht208221

Trust: 1.6

url:https://access.redhat.com/errata/rhsa-2017:1414

Trust: 1.6

url:https://access.redhat.com/errata/rhsa-2017:1413

Trust: 1.6

url:http://www.debian.org/security/2017/dsa-3796

Trust: 1.6

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbmu03753en_us

Trust: 1.6

url:http://www.securityfocus.com/bid/95077

Trust: 1.6

url:https://security.gentoo.org/glsa/201701-36

Trust: 1.6

url:http://www.securitytracker.com/id/1037508

Trust: 1.6

url:https://security.netapp.com/advisory/ntap-20180423-0001/

Trust: 1.6

url:https://access.redhat.com/errata/rhsa-2017:1721

Trust: 1.6

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03725en_us

Trust: 1.6

url:https://www.tenable.com/security/tns-2017-04

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2016-8743

Trust: 1.4

url:https://httpd.apache.org/security/vulnerabilities_24.html#cve-2016-8743

Trust: 1.0

url:https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:http://jvn.jp/vu/jvnvu99304449/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-4975

Trust: 0.8

url:http://www.ibm.com/support/docview.wss?uid=ibm10715641

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4748/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79678

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1138588

Trust: 0.6

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbmu03753en_us

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-2161

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-0736

Trust: 0.4

url:http://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.3

url:http://www.apache.org

Trust: 0.3

url:https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2017-3832368.html

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-0736

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-8743

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-8740

Trust: 0.3

url:https://bugzilla.redhat.com/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-2161

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-8740

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-8610

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8610

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/documentation/en/red-hat-jboss-core-services/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-7056

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-6304

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp&downloadtype=securitypatches&version=2.4.23

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-7056

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-6304

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8740

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5387

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0736

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8743

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2161

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5387

Trust: 0.1

url:https://www.ubuntu.com/usn/usn-3373-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3167

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7679

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7668

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3169

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12551

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12546

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12549

Trust: 0.1

url:https://www.hpe.com/info/report-security-vulnerability

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12545

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12547

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12548

Trust: 0.1

url:https://www.hpe.com/info/smh

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12544

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12553

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12552

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_software_collections/2/html/2.4_release_notes/chap-rhscl.html#sect-rhscl-changes-httpd

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1546

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1546

Trust: 0.1

sources: BID: 95077 // JVNDB: JVNDB-2016-008607 // PACKETSTORM: 142847 // PACKETSTORM: 140273 // PACKETSTORM: 143561 // PACKETSTORM: 144489 // PACKETSTORM: 142111 // PACKETSTORM: 142326 // CNNVD: CNNVD-201612-648 // NVD: CVE-2016-8743

CREDITS

David Dennerline at IBM Security's X-Force Researchers as well as Regis Leroy

Trust: 0.6

sources: CNNVD: CNNVD-201612-648

SOURCES

db:VULMONid:CVE-2016-8743
db:BIDid:95077
db:JVNDBid:JVNDB-2016-008607
db:PACKETSTORMid:142847
db:PACKETSTORMid:140273
db:PACKETSTORMid:143561
db:PACKETSTORMid:144489
db:PACKETSTORMid:142111
db:PACKETSTORMid:142326
db:CNNVDid:CNNVD-201612-648
db:NVDid:CVE-2016-8743

LAST UPDATE DATE

2024-11-06T21:05:43.660000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2016-8743date:2023-11-07T00:00:00
db:BIDid:95077date:2017-09-27T18:00:00
db:JVNDBid:JVNDB-2016-008607date:2023-06-29T00:58:00
db:CNNVDid:CNNVD-201612-648date:2022-09-08T00:00:00
db:NVDid:CVE-2016-8743date:2023-11-07T02:36:29.180

SOURCES RELEASE DATE

db:VULMONid:CVE-2016-8743date:2017-07-27T00:00:00
db:BIDid:95077date:2016-12-20T00:00:00
db:JVNDBid:JVNDB-2016-008607date:2017-06-26T00:00:00
db:PACKETSTORMid:142847date:2017-06-07T22:47:43
db:PACKETSTORMid:140273date:2016-12-25T13:13:00
db:PACKETSTORMid:143561date:2017-07-31T18:22:22
db:PACKETSTORMid:144489date:2017-10-03T20:20:00
db:PACKETSTORMid:142111date:2017-04-12T23:48:12
db:PACKETSTORMid:142326date:2017-04-26T16:05:26
db:CNNVDid:CNNVD-201612-648date:2016-12-23T00:00:00
db:NVDid:CVE-2016-8743date:2017-07-27T21:29:00.287