ID

VAR-201707-1241


CVE

CVE-2017-9788


TITLE

Apache httpd Security hole

Trust: 0.6

sources: CNNVD: CNNVD-201706-931

DESCRIPTION

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. Apache HTTP Server is prone to a memory-corruption vulnerability. Attackers can exploit this issue to cause to obtain sensitive information or cause denial-of-service conditions. Versions prior to Apache httpd 2.2.34 and 2.4.27 are vulnerable. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. An httpd module using this API function could consequently allow access that should have been denied. JIRA issues fixed (https://issues.jboss.org/): JBCS-329 - Unable to load large CRL openssl problem JBCS-336 - Errata for httpd 2.4.23 SP2 RHEL 7 7. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The updates are documented in the Release Notes document linked to in the References. This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. (CVE-2017-9788) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. (CVE-2017-9798) Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno BAPck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183. Bug Fix(es): * Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640) * mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709) * CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075) 4. Solution: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/): 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest 1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) 1493075 - Unable to load large CRL openssl problem 1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload 1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615 6. 7) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: httpd24-httpd security update Advisory ID: RHSA-2017:2483-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:2483 Issue date: 2017-08-16 CVE Names: CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 CVE-2017-9788 ===================================================================== 1. Summary: An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Security Fix(es): * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A NULL pointer dereference flaw was found in the mod_http2 module of httpd. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP/2 request. (CVE-2017-7659) * A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass 1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference 1463199 - CVE-2017-7659 httpd: mod_http2 NULL pointer dereference 1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread 1463207 - CVE-2017-7679 httpd: mod_mime buffer overread 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: httpd24-httpd-2.4.25-9.el6.1.src.rpm noarch: httpd24-httpd-manual-2.4.25-9.el6.1.noarch.rpm x86_64: httpd24-httpd-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_session-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: httpd24-httpd-2.4.25-9.el6.1.src.rpm noarch: httpd24-httpd-manual-2.4.25-9.el6.1.noarch.rpm x86_64: httpd24-httpd-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_session-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: httpd24-httpd-2.4.25-9.el6.1.src.rpm noarch: httpd24-httpd-manual-2.4.25-9.el6.1.noarch.rpm x86_64: httpd24-httpd-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_session-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-httpd-2.4.25-9.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.25-9.el7.1.noarch.rpm x86_64: httpd24-httpd-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_session-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3): Source: httpd24-httpd-2.4.25-9.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.25-9.el7.1.noarch.rpm x86_64: httpd24-httpd-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_session-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: httpd24-httpd-2.4.25-9.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.25-9.el7.1.noarch.rpm x86_64: httpd24-httpd-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_session-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-3167 https://access.redhat.com/security/cve/CVE-2017-3169 https://access.redhat.com/security/cve/CVE-2017-7659 https://access.redhat.com/security/cve/CVE-2017-7668 https://access.redhat.com/security/cve/CVE-2017-7679 https://access.redhat.com/security/cve/CVE-2017-9788 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZlNCpXlSAg2UNWIIRArzwAJwNfAuroR6X18rUh+zmjiMy5iBkdwCeJF6e 4v4GwWYC+5xG0xxXzTEQyAg= =UV+2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (BZ#1508885) 4. The JBoss server process must be restarted for the update to take effect. 7.3) - ppc64, ppc64le, s390x, x86_64 3. The References section of this erratum contains a download link (you must log in to download the update)

Trust: 2.16

sources: NVD: CVE-2017-9788 // BID: 99569 // VULHUB: VHN-117991 // VULMON: CVE-2017-9788 // PACKETSTORM: 143358 // PACKETSTORM: 144136 // PACKETSTORM: 144869 // PACKETSTORM: 143767 // PACKETSTORM: 143785 // PACKETSTORM: 145018 // PACKETSTORM: 144968 // PACKETSTORM: 144865 // PACKETSTORM: 144134

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.13.1

Trust: 1.0

vendor:redhatmodel:jboss enterprise web serverscope:eqversion:2.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.4

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.2.33

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:netappmodel:storage automation storescope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:6.4.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.4

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:jboss core servicesscope:eqversion:1.0

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.4.26

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:6.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:apachemodel:http serverscope:gteversion:2.4.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.7

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.5

Trust: 1.0

vendor:oraclemodel:secure global desktopscope:eqversion:5.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:netappmodel:oncommand unified managerscope:eqversion: -

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.10

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.4.6

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.4.4

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.4.2

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.4.9

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.4.1

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.4.12

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.32

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.4.3

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.4.7

Trust: 0.6

vendor:ubuntumodel:linuxscope:eqversion:17.04

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:16.04

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.26

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.25

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.23

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.20

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.19

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.18

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.17

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.16

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.14

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.12

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.11

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.10

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.5

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.4

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.33

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.26

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.25

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.24

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.23

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.15

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.14

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.13

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.12

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.11

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.10

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.9

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.8

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.6

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.5

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.4

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.3

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.2

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.9

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.8

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.7

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.6

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.3

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.24

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.2

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.13

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.32

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.29

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.22

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.21

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.20

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.19

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.18

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.17

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.16

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.1

Trust: 0.3

vendor:apachemodel:apachescope:neversion:2.2.34

Trust: 0.3

vendor:apachemodel:apachescope:neversion:2.4.27

Trust: 0.3

sources: BID: 99569 // CNNVD: CNNVD-201706-931 // NVD: CVE-2017-9788

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9788
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-201706-931
value: CRITICAL

Trust: 0.6

VULHUB: VHN-117991
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-9788
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-9788
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-117991
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9788
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-117991 // VULMON: CVE-2017-9788 // CNNVD: CNNVD-201706-931 // NVD: CVE-2017-9788

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-200

Trust: 1.1

sources: VULHUB: VHN-117991 // NVD: CVE-2017-9788

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 143767 // PACKETSTORM: 143785 // PACKETSTORM: 144968 // CNNVD: CNNVD-201706-931

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201706-931

PATCH

title:Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89486

Trust: 0.6

title:Red Hat: Important: Red Hat JBoss Core Services security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172710 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172709 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: apache2 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3370-2

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172708 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-3913-1 apache2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d9fddec113878a445ed8009b9b095457

Trust: 0.1

title:Debian CVElist Bug Report Logs: apache2: CVE-2017-9788url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=5acf2d8c1512b0afa80a30a349e7a2c3

Trust: 0.1

title:Ubuntu Security Notice: apache2 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3370-1

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173240 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173194 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173239 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173193 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173195 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Web Server security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173113 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Web Server security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173114 - Security Advisory

Trust: 0.1

title:Arch Linux Advisories: [ASA-201707-15] apache: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201707-15

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-9788

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-892url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-892

Trust: 0.1

title:Symantec Security Advisories: Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018url:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=d2f801f4ee4b743c8db2cea35625dd16

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a22ad41e97bbfc5abb0bb927bf43089c

Trust: 0.1

title:Tenable Security Advisories: [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2019-09

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=549dc795290b298746065b62b4bb7928

Trust: 0.1

title:MITRE_NISTurl:https://github.com/ColumbusCollaboratory/MITRE_NIST

Trust: 0.1

title:tab_pie_external_honggfuzzurl:https://github.com/CredenceID/tab_pie_external_honggfuzz

Trust: 0.1

title:platform_external_honggfuzzurl:https://github.com/DennissimOS/platform_external_honggfuzz

Trust: 0.1

title:nrichurl:https://github.com/retr0-13/nrich

Trust: 0.1

title: - url:https://github.com/RoseSecurity-Research/Red-Teaming-TTPs

Trust: 0.1

title:android_external_honggfuzzurl:https://github.com/khadas/android_external_honggfuzz

Trust: 0.1

title:android_external_honggfuzzurl:https://github.com/bananadroid/android_external_honggfuzz

Trust: 0.1

title:android_external_honggfuzzurl:https://github.com/random-aosp-stuff/android_external_honggfuzz

Trust: 0.1

title:android_external_honggfuzzurl:https://github.com/TheXPerienceProject/android_external_honggfuzz

Trust: 0.1

title:honggfuzz_READurl:https://github.com/imbaya2466/honggfuzz_READ

Trust: 0.1

title:external_honggfuzzurl:https://github.com/ForkLineageOS/external_honggfuzz

Trust: 0.1

title:external_honggfuzzurl:https://github.com/Wave-Project/external_honggfuzz

Trust: 0.1

title:Red-Teaming-TTPsurl:https://github.com/RoseSecurity/Red-Teaming-TTPs

Trust: 0.1

title:external_honggfuzzurl:https://github.com/swordphoenix/external_honggfuzz

Trust: 0.1

title:platform_external_honggfuzzurl:https://github.com/aosp-caf-upstream/platform_external_honggfuzz

Trust: 0.1

title:external_honggfuzzurl:https://github.com/crdroid-r/external_honggfuzz

Trust: 0.1

title:external_honggfuzzurl:https://github.com/yaap/external_honggfuzz

Trust: 0.1

title:Shodan-nrichurl:https://github.com/PawanKumarPandit/Shodan-nrich

Trust: 0.1

title:external_honggfuzzurl:https://github.com/TinkerEdgeR-Android/external_honggfuzz

Trust: 0.1

title:android_external_honggfuzzurl:https://github.com/Corvus-R/android_external_honggfuzz

Trust: 0.1

title:external-honggfuzzurl:https://github.com/TinkerBoard2-Android/external-honggfuzz

Trust: 0.1

title:external_honggfuzzurl:https://github.com/Ozone-OS/external_honggfuzz

Trust: 0.1

title:android_external_honggfuzzurl:https://github.com/StatiXOS/android_external_honggfuzz

Trust: 0.1

title:android_external_honggfuzzurl:https://github.com/crdroidandroid/android_external_honggfuzz

Trust: 0.1

title: - url:https://github.com/aosp10-public/external_honggfuzz

Trust: 0.1

title:external_honggfuzzurl:https://github.com/CAF-Extended/external_honggfuzz

Trust: 0.1

title:android_external_honggfuzzurl:https://github.com/jingpad-bsp/android_external_honggfuzz

Trust: 0.1

title: - url:https://github.com/TinkerBoard-Android/rockchip-android-external-honggfuzz

Trust: 0.1

title:external_honggfuzzurl:https://github.com/Project-1CE/external_honggfuzz

Trust: 0.1

title:android_external_honggfuzzurl:https://github.com/ProtonAOSP/android_external_honggfuzz

Trust: 0.1

title:android_external_honggfuzzurl:https://github.com/ProtonAOSP-platina/android_external_honggfuzz

Trust: 0.1

title:external-honggfuzzurl:https://github.com/TinkerBoard-Android/external-honggfuzz

Trust: 0.1

title: - url:https://github.com/Tomoms/android_external_honggfuzz

Trust: 0.1

title:external_honggfuzzurl:https://github.com/TinkerBoard2-Android/external_honggfuzz

Trust: 0.1

title:external_honggfuzzurl:https://github.com/HavocR/external_honggfuzz

Trust: 0.1

title:lllnxurl:https://github.com/lllnx/lllnx

Trust: 0.1

title: - url:https://github.com/ep-infosec/50_google_honggfuzz

Trust: 0.1

title:TEC-MBSD2017url:https://github.com/keloud/TEC-MBSD2017

Trust: 0.1

sources: VULMON: CVE-2017-9788 // CNNVD: CNNVD-201706-931

EXTERNAL IDS

db:NVDid:CVE-2017-9788

Trust: 3.0

db:BIDid:99569

Trust: 2.0

db:TENABLEid:TNS-2019-09

Trust: 1.7

db:SECTRACKid:1038906

Trust: 1.7

db:CNNVDid:CNNVD-201706-931

Trust: 0.7

db:PACKETSTORMid:143358

Trust: 0.2

db:PACKETSTORMid:143534

Trust: 0.1

db:PACKETSTORMid:143615

Trust: 0.1

db:VULHUBid:VHN-117991

Trust: 0.1

db:VULMONid:CVE-2017-9788

Trust: 0.1

db:PACKETSTORMid:144136

Trust: 0.1

db:PACKETSTORMid:144869

Trust: 0.1

db:PACKETSTORMid:143767

Trust: 0.1

db:PACKETSTORMid:143785

Trust: 0.1

db:PACKETSTORMid:145018

Trust: 0.1

db:PACKETSTORMid:144968

Trust: 0.1

db:PACKETSTORMid:144865

Trust: 0.1

db:PACKETSTORMid:144134

Trust: 0.1

sources: VULHUB: VHN-117991 // VULMON: CVE-2017-9788 // BID: 99569 // PACKETSTORM: 143358 // PACKETSTORM: 144136 // PACKETSTORM: 144869 // PACKETSTORM: 143767 // PACKETSTORM: 143785 // PACKETSTORM: 145018 // PACKETSTORM: 144968 // PACKETSTORM: 144865 // PACKETSTORM: 144134 // CNNVD: CNNVD-201706-931 // NVD: CVE-2017-9788

REFERENCES

url:http://www.securityfocus.com/bid/99569

Trust: 2.3

url:http://www.debian.org/security/2017/dsa-3913

Trust: 2.3

url:https://access.redhat.com/errata/rhsa-2017:2479

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:2483

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:2708

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:2709

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:3113

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:3114

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:3194

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:3240

Trust: 1.8

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20170911-0002/

Trust: 1.7

url:https://support.apple.com/ht208221

Trust: 1.7

url:https://www.tenable.com/security/tns-2019-09

Trust: 1.7

url:https://security.gentoo.org/glsa/201710-32

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2017:2478

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2017:2710

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2017:3193

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2017:3195

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2017:3239

Trust: 1.7

url:http://www.securitytracker.com/id/1038906

Trust: 1.7

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03908en_us

Trust: 1.6

url:https://httpd.apache.org/security/vulnerabilities_22.html

Trust: 1.1

url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.1

url:https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3cannounce.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2017-9788

Trust: 0.9

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2017-9788

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.8

url:https://access.redhat.com/articles/11258

Trust: 0.7

url:https://access.redhat.com/security/team/key/

Trust: 0.6

url:httpd.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.

Trust: 0.6

url:httpd.apache.org/security/vulnerabilities_22.html

Trust: 0.6

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.

Trust: 0.6

url:httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.6

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3cannounce.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2016-2183

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2016-2183

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2017-9798

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-9798

Trust: 0.4

url:http://www.apache.org/

Trust: 0.3

url:https://httpd.apache.org/

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1470748

Trust: 0.3

url:http://seclists.org/oss-sec/2017/q3/127

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-7668

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-3169

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-7679

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-3167

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-3167

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-7679

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-7668

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-3169

Trust: 0.3

url:https://issues.jboss.org/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-3185

Trust: 0.2

url:https://access.redhat.com/documentation/en/red-hat-jboss-core-services/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-3185

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-12617

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-12615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-12615

Trust: 0.2

url:https://access.redhat.com/articles/3227901

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-12617

Trust: 0.2

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&amp;docid=emr_na-hpesbux03908en_us

Trust: 0.1

url:https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3cannounce.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://httpd.apache.org/security_report.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7659

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-7659

Trust: 0.1

url:https://access.redhat.com/articles/3229231

Trust: 0.1

url:https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=2.1.2

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp&downloadtype=securitypatches&version=2.4.23

Trust: 0.1

sources: VULHUB: VHN-117991 // BID: 99569 // PACKETSTORM: 143358 // PACKETSTORM: 144136 // PACKETSTORM: 144869 // PACKETSTORM: 143767 // PACKETSTORM: 143785 // PACKETSTORM: 145018 // PACKETSTORM: 144968 // PACKETSTORM: 144865 // PACKETSTORM: 144134 // CNNVD: CNNVD-201706-931 // NVD: CVE-2017-9788

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 144136 // PACKETSTORM: 144869 // PACKETSTORM: 143767 // PACKETSTORM: 143785 // PACKETSTORM: 145018 // PACKETSTORM: 144968 // PACKETSTORM: 144865 // PACKETSTORM: 144134

SOURCES

db:VULHUBid:VHN-117991
db:VULMONid:CVE-2017-9788
db:BIDid:99569
db:PACKETSTORMid:143358
db:PACKETSTORMid:144136
db:PACKETSTORMid:144869
db:PACKETSTORMid:143767
db:PACKETSTORMid:143785
db:PACKETSTORMid:145018
db:PACKETSTORMid:144968
db:PACKETSTORMid:144865
db:PACKETSTORMid:144134
db:CNNVDid:CNNVD-201706-931
db:NVDid:CVE-2017-9788

LAST UPDATE DATE

2024-11-07T21:09:34.673000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-117991date:2019-08-15T00:00:00
db:VULMONid:CVE-2017-9788date:2023-11-07T00:00:00
db:BIDid:99569date:2017-08-16T08:10:00
db:CNNVDid:CNNVD-201706-931date:2021-06-07T00:00:00
db:NVDid:CVE-2017-9788date:2023-11-07T02:50:52.257

SOURCES RELEASE DATE

db:VULHUBid:VHN-117991date:2017-07-13T00:00:00
db:VULMONid:CVE-2017-9788date:2017-07-13T00:00:00
db:BIDid:99569date:2017-07-11T00:00:00
db:PACKETSTORMid:143358date:2017-07-13T04:44:44
db:PACKETSTORMid:144136date:2017-09-14T19:50:57
db:PACKETSTORMid:144869date:2017-11-02T23:50:49
db:PACKETSTORMid:143767date:2017-08-15T22:25:00
db:PACKETSTORMid:143785date:2017-08-16T23:35:53
db:PACKETSTORMid:145018date:2017-11-17T00:10:45
db:PACKETSTORMid:144968date:2017-11-14T04:32:05
db:PACKETSTORMid:144865date:2017-11-02T23:39:48
db:PACKETSTORMid:144134date:2017-09-14T19:44:18
db:CNNVDid:CNNVD-201706-931date:2017-06-22T00:00:00
db:NVDid:CVE-2017-9788date:2017-07-13T16:29:00.227