Details of VAR-201707-1241

ID

VAR-201707-1241

CVE

CVE-2017-9788

TITLE

Apache HTTP Server Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-005787

DESCRIPTION

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. Apache HTTP Server Contains an input validation vulnerability and an information disclosure vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. A security vulnerability exists in Apache httpd versions prior to 2.2.34 and 2.4.x versions prior to 2.4.27. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. An httpd module using this API function could consequently allow access that should have been denied. JIRA issues fixed (https://issues.jboss.org/): JBCS-329 - Unable to load large CRL openssl problem JBCS-336 - Errata for httpd 2.4.23 SP2 RHEL 7 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: httpd security update Advisory ID: RHSA-2017:2479-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2479 Issue date: 2017-08-15 CVE Names: CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 CVE-2017-9788 ===================================================================== 1. Summary: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass 1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference 1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread 1463207 - CVE-2017-7679 httpd: mod_mime buffer overread 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: httpd-2.4.6-67.el7_4.2.src.rpm noarch: httpd-manual-2.4.6-67.el7_4.2.noarch.rpm x86_64: httpd-2.4.6-67.el7_4.2.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm httpd-devel-2.4.6-67.el7_4.2.x86_64.rpm httpd-tools-2.4.6-67.el7_4.2.x86_64.rpm mod_ldap-2.4.6-67.el7_4.2.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.2.x86_64.rpm mod_session-2.4.6-67.el7_4.2.x86_64.rpm mod_ssl-2.4.6-67.el7_4.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: httpd-2.4.6-67.el7_4.2.src.rpm noarch: httpd-manual-2.4.6-67.el7_4.2.noarch.rpm x86_64: httpd-2.4.6-67.el7_4.2.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm httpd-devel-2.4.6-67.el7_4.2.x86_64.rpm httpd-tools-2.4.6-67.el7_4.2.x86_64.rpm mod_ldap-2.4.6-67.el7_4.2.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.2.x86_64.rpm mod_session-2.4.6-67.el7_4.2.x86_64.rpm mod_ssl-2.4.6-67.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-67.el7_4.2.src.rpm aarch64: httpd-2.4.6-67.el7_4.2.aarch64.rpm httpd-debuginfo-2.4.6-67.el7_4.2.aarch64.rpm httpd-devel-2.4.6-67.el7_4.2.aarch64.rpm httpd-tools-2.4.6-67.el7_4.2.aarch64.rpm mod_session-2.4.6-67.el7_4.2.aarch64.rpm mod_ssl-2.4.6-67.el7_4.2.aarch64.rpm noarch: httpd-manual-2.4.6-67.el7_4.2.noarch.rpm ppc64: httpd-2.4.6-67.el7_4.2.ppc64.rpm httpd-debuginfo-2.4.6-67.el7_4.2.ppc64.rpm httpd-devel-2.4.6-67.el7_4.2.ppc64.rpm httpd-tools-2.4.6-67.el7_4.2.ppc64.rpm mod_session-2.4.6-67.el7_4.2.ppc64.rpm mod_ssl-2.4.6-67.el7_4.2.ppc64.rpm ppc64le: httpd-2.4.6-67.el7_4.2.ppc64le.rpm httpd-debuginfo-2.4.6-67.el7_4.2.ppc64le.rpm httpd-devel-2.4.6-67.el7_4.2.ppc64le.rpm httpd-tools-2.4.6-67.el7_4.2.ppc64le.rpm mod_session-2.4.6-67.el7_4.2.ppc64le.rpm mod_ssl-2.4.6-67.el7_4.2.ppc64le.rpm s390x: httpd-2.4.6-67.el7_4.2.s390x.rpm httpd-debuginfo-2.4.6-67.el7_4.2.s390x.rpm httpd-devel-2.4.6-67.el7_4.2.s390x.rpm httpd-tools-2.4.6-67.el7_4.2.s390x.rpm mod_session-2.4.6-67.el7_4.2.s390x.rpm mod_ssl-2.4.6-67.el7_4.2.s390x.rpm x86_64: httpd-2.4.6-67.el7_4.2.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm httpd-devel-2.4.6-67.el7_4.2.x86_64.rpm httpd-tools-2.4.6-67.el7_4.2.x86_64.rpm mod_session-2.4.6-67.el7_4.2.x86_64.rpm mod_ssl-2.4.6-67.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: httpd-debuginfo-2.4.6-67.el7_4.2.aarch64.rpm mod_ldap-2.4.6-67.el7_4.2.aarch64.rpm mod_proxy_html-2.4.6-67.el7_4.2.aarch64.rpm ppc64: httpd-debuginfo-2.4.6-67.el7_4.2.ppc64.rpm mod_ldap-2.4.6-67.el7_4.2.ppc64.rpm mod_proxy_html-2.4.6-67.el7_4.2.ppc64.rpm ppc64le: httpd-debuginfo-2.4.6-67.el7_4.2.ppc64le.rpm mod_ldap-2.4.6-67.el7_4.2.ppc64le.rpm mod_proxy_html-2.4.6-67.el7_4.2.ppc64le.rpm s390x: httpd-debuginfo-2.4.6-67.el7_4.2.s390x.rpm mod_ldap-2.4.6-67.el7_4.2.s390x.rpm mod_proxy_html-2.4.6-67.el7_4.2.s390x.rpm x86_64: httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm mod_ldap-2.4.6-67.el7_4.2.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: httpd-2.4.6-67.el7_4.2.src.rpm noarch: httpd-manual-2.4.6-67.el7_4.2.noarch.rpm x86_64: httpd-2.4.6-67.el7_4.2.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm httpd-devel-2.4.6-67.el7_4.2.x86_64.rpm httpd-tools-2.4.6-67.el7_4.2.x86_64.rpm mod_session-2.4.6-67.el7_4.2.x86_64.rpm mod_ssl-2.4.6-67.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm mod_ldap-2.4.6-67.el7_4.2.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-3167 https://access.redhat.com/security/cve/CVE-2017-3169 https://access.redhat.com/security/cve/CVE-2017-7668 https://access.redhat.com/security/cve/CVE-2017-7679 https://access.redhat.com/security/cve/CVE-2017-9788 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZkz2LXlSAg2UNWIIRAt0MAJ9LvD/FlXeCaSo7hbsOQiUO2TFbFgCghvNu ug98ZOhnKCMkaBhPFLHQSic= =glD9 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (BZ#1508885) 3. The JBoss server process must be restarted for the update to take effect. =========================================================================== Ubuntu Security Notice USN-3370-2 August 01, 2017 apache2 vulnerability =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Apache HTTP Server could be made to crash or leak sensitive information if it received specially crafted network traffic. Original advisory details: Robert Swiecki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: apache2.2-bin2.2.22-1ubuntu1.13 In general, a standard system update will make all the necessary changes. 7.3) - ppc64, ppc64le, s390x, x86_64 3. (CVE-2017-7679) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. (CVE-2017-9798) Red Hat would like to thank Hanno BAPck for reporting CVE-2017-9798. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The updates are documented in the Release Notes document linked to in the References. This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. (CVE-2017-9788) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. Upstream acknowledges Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183. Bug Fix(es): * Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640) * mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709) * CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075) * The jboss-ews-application-servers zip README contains incomplete description of fixed CVEs (BZ#1497953) 3. Solution: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). The References section of this erratum contains a download link (you must log in to download the update)

Trust: 2.61

sources: NVD: CVE-2017-9788 // JVNDB: JVNDB-2017-005787 // VULHUB: VHN-117991 // VULMON: CVE-2017-9788 // PACKETSTORM: 143358 // PACKETSTORM: 144136 // PACKETSTORM: 143534 // PACKETSTORM: 143767 // PACKETSTORM: 145017 // PACKETSTORM: 143615 // PACKETSTORM: 144968 // PACKETSTORM: 144969 // PACKETSTORM: 144865

AFFECTED PRODUCTS

vendor:	redhat	model:	jboss enterprise web server	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	6.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	netapp	model:	storage automation store	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	5.3	Trust: 1.0
vendor:	netapp	model:	oncommand unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	jboss core services	scope:	eq	version:	1.0	Trust: 1.0
vendor:	apache	model:	http server	scope:	lte	version:	2.2.33	Trust: 1.0
vendor:	apache	model:	http server	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apache	model:	http server	scope:	lte	version:	2.4.26	Trust: 1.0
vendor:	apache	model:	http server	scope:	lt	version:	2.4.x	Trust: 0.8
vendor:	nec	model:	spoolserver/winspool series	scope:	eq	version:	reportfiling ver5.2 ~ 6.1	Trust: 0.8
vendor:	apache	model:	http server	scope:	eq	version:	2.4.27	Trust: 0.8
vendor:	apache	model:	http server	scope:	eq	version:	2.4.10	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.6	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.4	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.2	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.9	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.1	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.12	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.2.32	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.3	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.7	Trust: 0.6

sources: JVNDB: JVNDB-2017-005787 // CNNVD: CNNVD-201706-931 // NVD: CVE-2017-9788

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9788
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-9788
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201706-931
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-117991
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-9788
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-9788
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-117991
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9788
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-117991 // VULMON: CVE-2017-9788 // JVNDB: JVNDB-2017-005787 // CNNVD: CNNVD-201706-931 // NVD: CVE-2017-9788

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-200	Trust: 1.9

sources: VULHUB: VHN-117991 // JVNDB: JVNDB-2017-005787 // NVD: CVE-2017-9788

THREAT TYPE

remote

Trust: 1.1

sources: PACKETSTORM: 143534 // PACKETSTORM: 143767 // PACKETSTORM: 143615 // PACKETSTORM: 144968 // PACKETSTORM: 144969 // CNNVD: CNNVD-201706-931

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201706-931

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005787

PATCH

title:	Fixed in Apache httpd 2.2.34	url:	https://httpd.apache.org/security/vulnerabilities_22.html	Trust: 0.8
title:	Fixed in Apache httpd 2.4.27	url:	https://httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.8
title:	NV17-018	url:	http://jpn.nec.com/security-info/secinfo/nv17-018.html	Trust: 0.8
title:	CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest	url:	https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3Cannounce.httpd.apache.org%3E	Trust: 0.8
title:	Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89486	Trust: 0.6
title:	Red Hat: Important: Red Hat JBoss Core Services security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172710 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172709 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: apache2 vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3370-2	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172708 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-3913-1 apache2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d9fddec113878a445ed8009b9b095457	Trust: 0.1
title:	Debian CVElist Bug Report Logs: apache2: CVE-2017-9788	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=5acf2d8c1512b0afa80a30a349e7a2c3	Trust: 0.1
title:	Ubuntu Security Notice: apache2 vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3370-1	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173240 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173194 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173239 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173193 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173195 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Web Server security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173113 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Web Server security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173114 - Security Advisory	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201707-15] apache: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201707-15	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-9788	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2017-892	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-892	Trust: 0.1
title:	Symantec Security Advisories: Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=d2f801f4ee4b743c8db2cea35625dd16	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a22ad41e97bbfc5abb0bb927bf43089c	Trust: 0.1
title:	Tenable Security Advisories: [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2019-09	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - October 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=549dc795290b298746065b62b4bb7928	Trust: 0.1
title:	MITRE_NIST	url:	https://github.com/ColumbusCollaboratory/MITRE_NIST	Trust: 0.1
title:	tab_pie_external_honggfuzz	url:	https://github.com/CredenceID/tab_pie_external_honggfuzz	Trust: 0.1
title:	platform_external_honggfuzz	url:	https://github.com/DennissimOS/platform_external_honggfuzz	Trust: 0.1
title:	nrich	url:	https://github.com/retr0-13/nrich	Trust: 0.1
title:	-	url:	https://github.com/RoseSecurity-Research/Red-Teaming-TTPs	Trust: 0.1
title:	android_external_honggfuzz	url:	https://github.com/khadas/android_external_honggfuzz	Trust: 0.1
title:	android_external_honggfuzz	url:	https://github.com/bananadroid/android_external_honggfuzz	Trust: 0.1
title:	android_external_honggfuzz	url:	https://github.com/random-aosp-stuff/android_external_honggfuzz	Trust: 0.1
title:	android_external_honggfuzz	url:	https://github.com/TheXPerienceProject/android_external_honggfuzz	Trust: 0.1
title:	honggfuzz_READ	url:	https://github.com/imbaya2466/honggfuzz_READ	Trust: 0.1
title:	external_honggfuzz	url:	https://github.com/ForkLineageOS/external_honggfuzz	Trust: 0.1
title:	external_honggfuzz	url:	https://github.com/Wave-Project/external_honggfuzz	Trust: 0.1
title:	Red-Teaming-TTPs	url:	https://github.com/RoseSecurity/Red-Teaming-TTPs	Trust: 0.1
title:	external_honggfuzz	url:	https://github.com/swordphoenix/external_honggfuzz	Trust: 0.1
title:	platform_external_honggfuzz	url:	https://github.com/aosp-caf-upstream/platform_external_honggfuzz	Trust: 0.1
title:	external_honggfuzz	url:	https://github.com/crdroid-r/external_honggfuzz	Trust: 0.1
title:	external_honggfuzz	url:	https://github.com/yaap/external_honggfuzz	Trust: 0.1
title:	Shodan-nrich	url:	https://github.com/PawanKumarPandit/Shodan-nrich	Trust: 0.1
title:	external_honggfuzz	url:	https://github.com/TinkerEdgeR-Android/external_honggfuzz	Trust: 0.1
title:	android_external_honggfuzz	url:	https://github.com/Corvus-R/android_external_honggfuzz	Trust: 0.1
title:	external-honggfuzz	url:	https://github.com/TinkerBoard2-Android/external-honggfuzz	Trust: 0.1
title:	external_honggfuzz	url:	https://github.com/Ozone-OS/external_honggfuzz	Trust: 0.1
title:	android_external_honggfuzz	url:	https://github.com/StatiXOS/android_external_honggfuzz	Trust: 0.1
title:	android_external_honggfuzz	url:	https://github.com/crdroidandroid/android_external_honggfuzz	Trust: 0.1
title:	-	url:	https://github.com/aosp10-public/external_honggfuzz	Trust: 0.1
title:	external_honggfuzz	url:	https://github.com/CAF-Extended/external_honggfuzz	Trust: 0.1
title:	android_external_honggfuzz	url:	https://github.com/jingpad-bsp/android_external_honggfuzz	Trust: 0.1
title:	-	url:	https://github.com/TinkerBoard-Android/rockchip-android-external-honggfuzz	Trust: 0.1
title:	external_honggfuzz	url:	https://github.com/Project-1CE/external_honggfuzz	Trust: 0.1
title:	android_external_honggfuzz	url:	https://github.com/ProtonAOSP/android_external_honggfuzz	Trust: 0.1
title:	android_external_honggfuzz	url:	https://github.com/ProtonAOSP-platina/android_external_honggfuzz	Trust: 0.1
title:	external-honggfuzz	url:	https://github.com/TinkerBoard-Android/external-honggfuzz	Trust: 0.1
title:	-	url:	https://github.com/Tomoms/android_external_honggfuzz	Trust: 0.1
title:	external_honggfuzz	url:	https://github.com/TinkerBoard2-Android/external_honggfuzz	Trust: 0.1
title:	external_honggfuzz	url:	https://github.com/HavocR/external_honggfuzz	Trust: 0.1
title:	lllnx	url:	https://github.com/lllnx/lllnx	Trust: 0.1
title:	-	url:	https://github.com/ep-infosec/50_google_honggfuzz	Trust: 0.1
title:	TEC-MBSD2017	url:	https://github.com/keloud/TEC-MBSD2017	Trust: 0.1

sources: VULMON: CVE-2017-9788 // JVNDB: JVNDB-2017-005787 // CNNVD: CNNVD-201706-931

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9788	Trust: 3.5
db:	BID	id:	99569	Trust: 1.7
db:	TENABLE	id:	TNS-2019-09	Trust: 1.7
db:	SECTRACK	id:	1038906	Trust: 1.7
db:	JVN	id:	JVNVU92256772	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005787	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-931	Trust: 0.7
db:	PACKETSTORM	id:	143358	Trust: 0.2
db:	PACKETSTORM	id:	143534	Trust: 0.2
db:	PACKETSTORM	id:	143615	Trust: 0.2
db:	VULHUB	id:	VHN-117991	Trust: 0.1
db:	VULMON	id:	CVE-2017-9788	Trust: 0.1
db:	PACKETSTORM	id:	144136	Trust: 0.1
db:	PACKETSTORM	id:	143767	Trust: 0.1
db:	PACKETSTORM	id:	145017	Trust: 0.1
db:	PACKETSTORM	id:	144968	Trust: 0.1
db:	PACKETSTORM	id:	144969	Trust: 0.1
db:	PACKETSTORM	id:	144865	Trust: 0.1

sources: VULHUB: VHN-117991 // VULMON: CVE-2017-9788 // JVNDB: JVNDB-2017-005787 // PACKETSTORM: 143358 // PACKETSTORM: 144136 // PACKETSTORM: 143534 // PACKETSTORM: 143767 // PACKETSTORM: 145017 // PACKETSTORM: 143615 // PACKETSTORM: 144968 // PACKETSTORM: 144969 // PACKETSTORM: 144865 // CNNVD: CNNVD-201706-931 // NVD: CVE-2017-9788

REFERENCES

url:	http://www.securityfocus.com/bid/99569	Trust: 2.3
url:	http://www.debian.org/security/2017/dsa-3913	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2017:2479	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2017:2709	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2017:3114	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2017:3194	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2017:3195	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2017:3239	Trust: 1.8
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20170911-0002/	Trust: 1.7
url:	https://support.apple.com/ht208221	Trust: 1.7
url:	https://www.tenable.com/security/tns-2019-09	Trust: 1.7
url:	https://security.gentoo.org/glsa/201710-32	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2017:2478	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2017:2483	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2017:2708	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2017:2710	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2017:3113	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2017:3193	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2017:3240	Trust: 1.7
url:	http://www.securitytracker.com/id/1038906	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9788	Trust: 1.7
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03908en_us	Trust: 1.6
url:	https://httpd.apache.org/security/vulnerabilities_22.html	Trust: 1.1
url:	https://httpd.apache.org/security/vulnerabilities_24.html	Trust: 1.1
url:	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3cannounce.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9788	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92256772/index.html	Trust: 0.8
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2017-9788	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.6
url:	httpd.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.	Trust: 0.6
url:	httpd.apache.org/security/vulnerabilities_22.html	Trust: 0.6
url:	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.	Trust: 0.6
url:	httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.6
url:	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3cannounce.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.	Trust: 0.6
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2017-9798	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9798	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2183	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-2183	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-3169	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-7679	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3167	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-3167	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7679	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3169	Trust: 0.3
url:	https://www.ubuntu.com/usn/usn-3370-1	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2017-7668	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7668	Trust: 0.2
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03908en_us	Trust: 0.1
url:	https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3cannounce.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e	Trust: 0.1
url:	https://httpd.apache.org/security_report.html	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3185	Trust: 0.1
url:	https://access.redhat.com/documentation/en/red-hat-jboss-core-services/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3185	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.25-3ubuntu2.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.4	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.17	Trust: 0.1
url:	https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/	Trust: 0.1
url:	https://access.redhat.com/articles/3229231	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=6.4	Trust: 0.1
url:	https://www.ubuntu.com/usn/usn-3370-2	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-12617	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=2.1.2	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-12615	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12615	Trust: 0.1
url:	https://access.redhat.com/articles/3227901	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12617	Trust: 0.1

sources: VULHUB: VHN-117991 // JVNDB: JVNDB-2017-005787 // PACKETSTORM: 143358 // PACKETSTORM: 144136 // PACKETSTORM: 143534 // PACKETSTORM: 143767 // PACKETSTORM: 145017 // PACKETSTORM: 143615 // PACKETSTORM: 144968 // PACKETSTORM: 144969 // PACKETSTORM: 144865 // CNNVD: CNNVD-201706-931 // NVD: CVE-2017-9788

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 144136 // PACKETSTORM: 143767 // PACKETSTORM: 145017 // PACKETSTORM: 144968 // PACKETSTORM: 144969 // PACKETSTORM: 144865

SOURCES

db:	VULHUB	id:	VHN-117991
db:	VULMON	id:	CVE-2017-9788
db:	JVNDB	id:	JVNDB-2017-005787
db:	PACKETSTORM	id:	143358
db:	PACKETSTORM	id:	144136
db:	PACKETSTORM	id:	143534
db:	PACKETSTORM	id:	143767
db:	PACKETSTORM	id:	145017
db:	PACKETSTORM	id:	143615
db:	PACKETSTORM	id:	144968
db:	PACKETSTORM	id:	144969
db:	PACKETSTORM	id:	144865
db:	CNNVD	id:	CNNVD-201706-931
db:	NVD	id:	CVE-2017-9788

LAST UPDATE DATE

2024-11-24T22:20:51.803000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-117991	date:	2019-08-15T00:00:00
db:	VULMON	id:	CVE-2017-9788	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-005787	date:	2017-10-03T00:00:00
db:	CNNVD	id:	CNNVD-201706-931	date:	2021-06-07T00:00:00
db:	NVD	id:	CVE-2017-9788	date:	2024-11-21T03:36:50.693

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-117991	date:	2017-07-13T00:00:00
db:	VULMON	id:	CVE-2017-9788	date:	2017-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2017-005787	date:	2017-08-07T00:00:00
db:	PACKETSTORM	id:	143358	date:	2017-07-13T04:44:44
db:	PACKETSTORM	id:	144136	date:	2017-09-14T19:50:57
db:	PACKETSTORM	id:	143534	date:	2017-07-27T19:32:22
db:	PACKETSTORM	id:	143767	date:	2017-08-15T22:25:00
db:	PACKETSTORM	id:	145017	date:	2017-11-17T00:10:36
db:	PACKETSTORM	id:	143615	date:	2017-08-02T00:26:49
db:	PACKETSTORM	id:	144968	date:	2017-11-14T04:32:05
db:	PACKETSTORM	id:	144969	date:	2017-11-14T04:32:14
db:	PACKETSTORM	id:	144865	date:	2017-11-02T23:39:48
db:	CNNVD	id:	CNNVD-201706-931	date:	2017-06-22T00:00:00
db:	NVD	id:	CVE-2017-9788	date:	2017-07-13T16:29:00.227