ID

VAR-201710-0928


CVE

CVE-2017-12613


TITLE

Apache Portable Runtime Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-009633 // CNNVD: CNNVD-201710-1140

DESCRIPTION

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. Apache Portable Runtime Contains a buffer error vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Apache Portable Runtime Utility is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to obtain sensitive information that may aid in further attacks. Failed exploit attempts will result in denial-of-service conditions. Apache Portable Runtime Utility (APR-util) 1.6.2 and prior versions are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4410: an anonymous researcher working with Trend Micro's Zero Day Initiative AppleGraphicsControl Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative APR Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2017-12613: Craig Young of Tripwire VERT CVE-2017-12618: Craig Young of Tripwire VERT ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4308: Mohamed Ghannam (@_simo36) CFNetwork Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative CoreAnimation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4415: Liang Zhuo working with Beyond Security's SecuriTeam Secure Disclosure CoreCrypto Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum CoreFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content Description: An injection issue was addressed with improved validation. CVE-2018-4153: Michael Hanselmann of hansmi.ch CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4406: Michael Hanselmann of hansmi.ch Dictionary Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. CVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing Dock Available for: macOS Mojave 10.14 Impact: A malicious application may be able to access restricted files Description: This issue was addressed by removing additional entitlements. CVE-2018-4403: Patrick Wardle of Digita Security dyld Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2018-4423: an anonymous researcher EFI Available for: macOS High Sierra 10.13.6 Impact: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel. CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC) EFI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A local user may be able to modify protected parts of the file system Description: A configuration issue was addressed with additional restrictions. CVE-2018-4342: Timothy Perfitt of Twocanoes Software Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Grand Central Dispatch Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Heimdal Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad Hypervisor Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis Description: An information disclosure issue was addressed by flushing the L1 data cache at the virtual machine entry. CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide Hypervisor Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team ICU Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher Intel Graphics Driver Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4334: Ian Beer of Google Project Zero Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4396: Yu Wang of Didi Research America CVE-2018-4418: Yu Wang of Didi Research America Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4350: Yu Wang of Didi Research America IOGraphics Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4422: an anonymous researcher working with Trend Micro's Zero Day Initiative IOHIDFamily Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4402: Proteas of Qihoo 360 Nirvan Team IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero IOUserEthernet Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple IPSec Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: macOS High Sierra 10.13.6 Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2018-4399: Fabiano Anemone (@anoane) Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4419: Mohamed Ghannam (@_simo36) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Kernel Available for: macOS Sierra 10.12.6 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Kernel Available for: macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4424: Dr. Silvio Cesare of InfoSect Login Window Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity Mail Available for: macOS Mojave 10.14 Impact: Processing a maliciously crafted mail message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4389: Dropbox Offensive Security Team, Theodor Ragnar Gislason of Syndis mDNSOffloadUserClient Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team MediaRemote Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Microcode Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis Description: An information disclosure issue was addressed with a microcode update. This ensures that implementation specific system registers cannot be leaked via a speculative execution side-channel. CVE-2018-3640: Innokentiy Sennovskiy from BiZone LLC (bi.zone), Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (sysgo.com) NetworkExtension Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Perl Available for: macOS Sierra 10.12.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2018-6797: Brian Carpenter Ruby Available for: macOS Sierra 10.12.6 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues in Ruby were addressed in this update. CVE-2017-898 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Spotlight Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4393: Lufeng Li Symptom Framework Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative WiFi Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische UniversitA$?t Darmstadt Additional recognition Calendar We would like to acknowledge an anonymous researcher for their assistance. iBooks We would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool ICT for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. LaunchServices We would like to acknowledge Alok Menghrajani of Square for their assistance. Quick Look We would like to acknowledge lokihardt of Google Project Zero for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Terminal We would like to acknowledge an anonymous researcher for their assistance. Installation note: macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EcGQ// QbUbTOZRgxcStGZjs+qdXjeaXI6i1MKaky7o/iYCXf87crFu79PCsXyPU1jeMvoS tgDxz7ornlyaxR4wcSYzfcuIeY2ZH+dkxc7JJHQbKTW1dWYHpXUUzzNm+Ay/Gtk+ 2EIAgJ9oUf8FARR5cmcKBZfLFVdc40vpM3bBCV4m2Kr5KiDsqZKdZTujBQRccAsO HKRbhDecw0WX/CfEbLprs86uIXFMIoifhmh8LMebjzIQn2ozoFG6R31vMMHeDpir zf0xlVCJrJy/XywmkodhBWWrUWcM0hfsJ8EmyIBwFEYUxFhOV3D+x3rStd2kjyNL LG9oWclxDkjImQXdrL8IRAQfZvcVQFZK2vSGCYfRN0LY105sxjPjeIsJ0RORzcSN 2mlDR1UuTosk0GleDbmhv/ornfOc537UebwuHVWU5LpPNFkvY1Cv8zPrQAHewuod TmktkNuv2x2fgw9g7ntE88UBF9JMC+Ofs/FgJ67RkoT4R39P7VvaztHlmxmr/rIw TrSs7TDVqciz+DOMRKxyNPI1cpXM5ITCTvgbY4+RWwaFJzfgY+Gc+sldvVcb1x9I LlsI19MA0bsvi+ReOcLbWYuEHaVhVqZ7LndxR9m2gJ39L9jff+dOsSlznF4OLs+S t7Rz6i2mOpe6vXobkTUmml3m3zYIhL3XcdcYpw3U0F8= =uhgi -----END PGP SIGNATURE----- . 7.2) - x86_64 3. Security Fix(es): * apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/): 1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload 1493222 - CVE-2017-12616 tomcat: Information Disclosure when using VirtualDirContext 1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615 1506523 - CVE-2017-12613 apr: Out-of-bounds array deref in apr_time_exp*() functions 1540824 - CVE-2017-15698 tomcat-native: Mishandling of client certificates can allow for OCSP check bypass 1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users 1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources 6. Summary: An update is now available for JBoss Core Services on RHEL 6. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. (CVE-2017-12613) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank Hanno BAPck for reporting CVE-2017-9798. Bugs fixed (https://bugzilla.redhat.com/): 1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass 1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference 1463207 - CVE-2017-7679 httpd: mod_mime buffer overread 1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) 1506523 - CVE-2017-12613 apr: Out-of-bounds array deref in apr_time_exp*() functions 6. JIRA issues fixed (https://issues.jboss.org/): JBCS-403 - Errata for httpd 2.4.23.SP3 RHEL6 7. The References section of this erratum contains a download link (you must log in to download the update). X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 28 Nov 2017 22:43:47 +0000 (UTC) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: apr security update Advisory ID: RHSA-2017:3270-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:3270 Issue date: 2017-11-28 CVE Names: CVE-2017-12613 ===================================================================== 1. Summary: An update for apr is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le 3. Description: The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es): * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1506523 - CVE-2017-12613 apr: Out-of-bounds array deref in apr_time_exp*() functions 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: apr-1.3.9-5.el6_9.1.src.rpm i386: apr-1.3.9-5.el6_9.1.i686.rpm apr-debuginfo-1.3.9-5.el6_9.1.i686.rpm x86_64: apr-1.3.9-5.el6_9.1.i686.rpm apr-1.3.9-5.el6_9.1.x86_64.rpm apr-debuginfo-1.3.9-5.el6_9.1.i686.rpm apr-debuginfo-1.3.9-5.el6_9.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: apr-debuginfo-1.3.9-5.el6_9.1.i686.rpm apr-devel-1.3.9-5.el6_9.1.i686.rpm x86_64: apr-debuginfo-1.3.9-5.el6_9.1.i686.rpm apr-debuginfo-1.3.9-5.el6_9.1.x86_64.rpm apr-devel-1.3.9-5.el6_9.1.i686.rpm apr-devel-1.3.9-5.el6_9.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: apr-1.3.9-5.el6_9.1.src.rpm x86_64: apr-1.3.9-5.el6_9.1.i686.rpm apr-1.3.9-5.el6_9.1.x86_64.rpm apr-debuginfo-1.3.9-5.el6_9.1.i686.rpm apr-debuginfo-1.3.9-5.el6_9.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: apr-debuginfo-1.3.9-5.el6_9.1.i686.rpm apr-debuginfo-1.3.9-5.el6_9.1.x86_64.rpm apr-devel-1.3.9-5.el6_9.1.i686.rpm apr-devel-1.3.9-5.el6_9.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: apr-1.3.9-5.el6_9.1.src.rpm i386: apr-1.3.9-5.el6_9.1.i686.rpm apr-debuginfo-1.3.9-5.el6_9.1.i686.rpm apr-devel-1.3.9-5.el6_9.1.i686.rpm ppc64: apr-1.3.9-5.el6_9.1.ppc.rpm apr-1.3.9-5.el6_9.1.ppc64.rpm apr-debuginfo-1.3.9-5.el6_9.1.ppc.rpm apr-debuginfo-1.3.9-5.el6_9.1.ppc64.rpm apr-devel-1.3.9-5.el6_9.1.ppc.rpm apr-devel-1.3.9-5.el6_9.1.ppc64.rpm s390x: apr-1.3.9-5.el6_9.1.s390.rpm apr-1.3.9-5.el6_9.1.s390x.rpm apr-debuginfo-1.3.9-5.el6_9.1.s390.rpm apr-debuginfo-1.3.9-5.el6_9.1.s390x.rpm apr-devel-1.3.9-5.el6_9.1.s390.rpm apr-devel-1.3.9-5.el6_9.1.s390x.rpm x86_64: apr-1.3.9-5.el6_9.1.i686.rpm apr-1.3.9-5.el6_9.1.x86_64.rpm apr-debuginfo-1.3.9-5.el6_9.1.i686.rpm apr-debuginfo-1.3.9-5.el6_9.1.x86_64.rpm apr-devel-1.3.9-5.el6_9.1.i686.rpm apr-devel-1.3.9-5.el6_9.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: apr-1.3.9-5.el6_9.1.src.rpm i386: apr-1.3.9-5.el6_9.1.i686.rpm apr-debuginfo-1.3.9-5.el6_9.1.i686.rpm apr-devel-1.3.9-5.el6_9.1.i686.rpm x86_64: apr-1.3.9-5.el6_9.1.i686.rpm apr-1.3.9-5.el6_9.1.x86_64.rpm apr-debuginfo-1.3.9-5.el6_9.1.i686.rpm apr-debuginfo-1.3.9-5.el6_9.1.x86_64.rpm apr-devel-1.3.9-5.el6_9.1.i686.rpm apr-devel-1.3.9-5.el6_9.1.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: apr-1.4.8-3.el7_4.1.src.rpm x86_64: apr-1.4.8-3.el7_4.1.i686.rpm apr-1.4.8-3.el7_4.1.x86_64.rpm apr-debuginfo-1.4.8-3.el7_4.1.i686.rpm apr-debuginfo-1.4.8-3.el7_4.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: apr-debuginfo-1.4.8-3.el7_4.1.i686.rpm apr-debuginfo-1.4.8-3.el7_4.1.x86_64.rpm apr-devel-1.4.8-3.el7_4.1.i686.rpm apr-devel-1.4.8-3.el7_4.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: apr-1.4.8-3.el7_4.1.src.rpm x86_64: apr-1.4.8-3.el7_4.1.i686.rpm apr-1.4.8-3.el7_4.1.x86_64.rpm apr-debuginfo-1.4.8-3.el7_4.1.i686.rpm apr-debuginfo-1.4.8-3.el7_4.1.x86_64.rpm apr-devel-1.4.8-3.el7_4.1.i686.rpm apr-devel-1.4.8-3.el7_4.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: apr-1.4.8-3.el7_4.1.src.rpm ppc64: apr-1.4.8-3.el7_4.1.ppc.rpm apr-1.4.8-3.el7_4.1.ppc64.rpm apr-debuginfo-1.4.8-3.el7_4.1.ppc.rpm apr-debuginfo-1.4.8-3.el7_4.1.ppc64.rpm apr-devel-1.4.8-3.el7_4.1.ppc.rpm apr-devel-1.4.8-3.el7_4.1.ppc64.rpm ppc64le: apr-1.4.8-3.el7_4.1.ppc64le.rpm apr-debuginfo-1.4.8-3.el7_4.1.ppc64le.rpm apr-devel-1.4.8-3.el7_4.1.ppc64le.rpm s390x: apr-1.4.8-3.el7_4.1.s390.rpm apr-1.4.8-3.el7_4.1.s390x.rpm apr-debuginfo-1.4.8-3.el7_4.1.s390.rpm apr-debuginfo-1.4.8-3.el7_4.1.s390x.rpm apr-devel-1.4.8-3.el7_4.1.s390.rpm apr-devel-1.4.8-3.el7_4.1.s390x.rpm x86_64: apr-1.4.8-3.el7_4.1.i686.rpm apr-1.4.8-3.el7_4.1.x86_64.rpm apr-debuginfo-1.4.8-3.el7_4.1.i686.rpm apr-debuginfo-1.4.8-3.el7_4.1.x86_64.rpm apr-devel-1.4.8-3.el7_4.1.i686.rpm apr-devel-1.4.8-3.el7_4.1.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: apr-1.4.8-3.el7_4.1.src.rpm aarch64: apr-1.4.8-3.el7_4.1.aarch64.rpm apr-debuginfo-1.4.8-3.el7_4.1.aarch64.rpm apr-devel-1.4.8-3.el7_4.1.aarch64.rpm ppc64le: apr-1.4.8-3.el7_4.1.ppc64le.rpm apr-debuginfo-1.4.8-3.el7_4.1.ppc64le.rpm apr-devel-1.4.8-3.el7_4.1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: apr-1.4.8-3.el7_4.1.src.rpm x86_64: apr-1.4.8-3.el7_4.1.i686.rpm apr-1.4.8-3.el7_4.1.x86_64.rpm apr-debuginfo-1.4.8-3.el7_4.1.i686.rpm apr-debuginfo-1.4.8-3.el7_4.1.x86_64.rpm apr-devel-1.4.8-3.el7_4.1.i686.rpm apr-devel-1.4.8-3.el7_4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-12613 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFaHeYxXlSAg2UNWIIRAq68AJ40znkuoeryDgG2kL1l2MTpL+oD6wCggb4M AW0e3FjuWmFdkBHik4lmxdc= =vZ+z -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.61

sources: NVD: CVE-2017-12613 // JVNDB: JVNDB-2017-009633 // BID: 101560 // VULMON: CVE-2017-12613 // PACKETSTORM: 150108 // PACKETSTORM: 147393 // PACKETSTORM: 146682 // PACKETSTORM: 145457 // PACKETSTORM: 146687 // PACKETSTORM: 145141 // PACKETSTORM: 146384

AFFECTED PRODUCTS

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.7

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:6.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.4

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:6.7

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.5

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.4

Trust: 1.0

vendor:redhatmodel:jboss core servicesscope:eqversion:1.0

Trust: 1.0

vendor:redhatmodel:jboss enterprise web serverscope:eqversion:3.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.7

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.3

Trust: 1.0

vendor:apachemodel:portable runtimescope:ltversion:1.7.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:jboss core servicesscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.5

Trust: 1.0

vendor:redhatmodel:software collectionsscope:eqversion:1.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.7

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:apachemodel:portable runtimescope:lteversion:apr 1.6.2

Trust: 0.8

vendor:apachemodel:portable runtimescope:eqversion:1.6.2

Trust: 0.6

vendor:f5model:iworkflowscope:eqversion:2.3

Trust: 0.3

vendor:f5model:iworkflowscope:eqversion:2.2

Trust: 0.3

vendor:f5model:iworkflowscope:eqversion:2.0.1

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:3.1.1

Trust: 0.3

vendor:f5model:big-iq cloud and orchestrationscope:eqversion:1.0

Trust: 0.3

vendor:f5model:big-iq centralized managementscope:eqversion:6.0.1

Trust: 0.3

vendor:f5model:big-iq centralized managementscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-iq centralized managementscope:eqversion:5.4

Trust: 0.3

vendor:f5model:big-iq centralized managementscope:eqversion:5.3

Trust: 0.3

vendor:f5model:big-iq centralized managementscope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-iq centralized managementscope:eqversion:5.1

Trust: 0.3

vendor:f5model:big-iq centralized managementscope:eqversion:5.0

Trust: 0.3

vendor:f5model:big-iq centralized managementscope:eqversion:4.6

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip websafe hf3scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip websafe hf2scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip websafe hf2scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip websafe hf1scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip websafe hf2scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip websafe hf1scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip websafe hf1scope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip websafe hf1scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:11.5.5

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:11.5.2

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip websafe hf1scope:eqversion:13.0.0

Trust: 0.3

vendor:f5model:big-ip websafe hf2scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip websafescope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.5.5

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf2scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip pem hf3scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip pem hf2scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip pem hf2scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip pem hf1scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip pem hfscope:eqversion:12.1.21

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip pem hf2scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip pem hf1scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip pem hf1scope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip pem hf2scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip pem hf1scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip pem hf3scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip pem hf2scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip pem hf1scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip pem hf2scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip pem hf11scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip pem hf10scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip pem hf1scope:eqversion:13.0.0

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:12.1.0

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.5.5

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip pem hf1scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip pem hf6scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip ltm hf3scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.5.5

Trust: 0.3

vendor:f5model:big-ip ltm hf3scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.5.2

Trust: 0.3

vendor:f5model:big-ip ltm hf6scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip ltm hf5scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip ltm hf11scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip ltm hf10scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:12.1.0

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip link controller hf3scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip link controller hf2scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip link controller hf2scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip link controller hf1scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip link controller hf2scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip link controller hf1scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip link controller hf2scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip link controller hf1scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip link controller hf3scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip link controller hf2scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip link controller hf1scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip link controller hf2scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.5.2

Trust: 0.3

vendor:f5model:big-ip link controller hf8scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip link controller hf11scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip link controller hf10scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip link controller hf1scope:eqversion:13.0.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:12.1.0

Trust: 0.3

vendor:f5model:big-ip link controller hf1scope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.5.5

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip link controller hf1scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip gtm hf1scope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip gtm hf1scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip gtm hf3scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip gtm hf2scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip gtm hf1scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip gtm hf2scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.5.2

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:13.0.0

Trust: 0.3

vendor:f5model:big-ip gtm hf1scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip gtm hf2scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.5.5

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip gtm hf1scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip gtm hf6scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip dns hf3scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip dns hf2scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip dns hf1scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip dns hf2scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip dns hf1scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:11.5.5

Trust: 0.3

vendor:f5model:big-ip dns hf1scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:11.5.2

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip dnsscope:eqversion:12.1.0

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip asm hf3scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip asm hf3scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.5.2

Trust: 0.3

vendor:f5model:big-ip asm hf6scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip asm hf11scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip asm hf10scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:12.1.0

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.5.5

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip apm hf3scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip apm hf2scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip apm hf2scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip apm hf2scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.5.5

Trust: 0.3

vendor:f5model:big-ip apm hf3scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip apm hf2scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip apm hf2scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:11.5.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.5.2

Trust: 0.3

vendor:f5model:big-ip apm hf11scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip apm hf10scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:12.1.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip apm hf6scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip analytics hf3scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip analytics hf2scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip analytics hf1scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip analytics hf2scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip analytics hf1scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip analytics hf1scope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip analytics hf2scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip analytics hf1scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip analytics hf3scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip analytics hf2scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip analytics hf1scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip analytics hf2scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.5.2

Trust: 0.3

vendor:f5model:big-ip analytics hf8scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:12.1.0

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.5.5

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip analytics hf1scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip analytics hf6scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip afm hf3scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip afm hf2scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip afm hf1scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip afm hf2scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip afm hf1scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip afm hf2scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip afm hf1scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip afm hf2scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip afm hf1scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip afm hf3scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip afm hf2scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip afm hf1scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip afm hf2scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.5.2

Trust: 0.3

vendor:f5model:big-ip afm hf11scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip afm hf10scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:12.1.0

Trust: 0.3

vendor:f5model:big-ip afm hf1scope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.5.5

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip afm hf1scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip afm hf6scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:14.0

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:13.0.1

Trust: 0.3

vendor:f5model:big-ip aam hf3scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip aam hf2scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip aam hf1scope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:13.0

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:12.1.3

Trust: 0.3

vendor:f5model:big-ip aam hf2scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip aam hf1scope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:12.1.2

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:12.1.1

Trust: 0.3

vendor:f5model:big-ip aam hf2scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip aam hf1scope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.6.3

Trust: 0.3

vendor:f5model:big-ip aam hf1scope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.6.2

Trust: 0.3

vendor:f5model:big-ip aam hf2scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip aam hf1scope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.6.1

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.5.7

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.5.6

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.5.5

Trust: 0.3

vendor:f5model:big-ip aam hf3scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip aam hf2scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip aam hf1scope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip aam hf2scope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.5.3

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.5.2

Trust: 0.3

vendor:f5model:big-ip aam hf6scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip aam hf11scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip aam hf10scope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.5.1

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:12.1.0

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.5.4

Trust: 0.3

vendor:f5model:big-ip aam hf1scope:eqversion:11.5.3

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.6.2

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.6.1

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.6

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.3.10

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.3.9

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.3.8

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.3.7

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.3.6

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.3.5

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.3.4

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.3.3

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.3.2

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.2.13

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.2.12

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.2.10

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.2.9

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.2.7

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.18

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.17

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.16

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.15

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.14

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.13

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.12

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.11

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.10

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.9

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.8

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.7

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.6

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.4

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.4.4

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.4.3

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.3.1

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.3.0

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.2.6

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.2.2

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.2.1

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.1.2

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.1.1

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.1.0

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:1.0.1

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.3

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.2

Trust: 0.3

vendor:apachemodel:apr-utilscope:eqversion:0.9.1

Trust: 0.3

vendor:f5model:big-ip websafescope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip websafescope:neversion:14.0.0.3

Trust: 0.3

vendor:f5model:big-ip websafescope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip websafescope:neversion:12.1.3.6

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:neversion:14.0.0.3

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:neversion:12.1.3.6

Trust: 0.3

vendor:f5model:big-ip pemscope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip pemscope:neversion:14.0.0.3

Trust: 0.3

vendor:f5model:big-ip pemscope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip pemscope:neversion:12.1.3.6

Trust: 0.3

vendor:f5model:big-ip ltmscope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:neversion:14.0.0.3

Trust: 0.3

vendor:f5model:big-ip ltmscope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip ltmscope:neversion:12.1.3.6

Trust: 0.3

vendor:f5model:big-ip link controllerscope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip link controllerscope:neversion:14.0.0.3

Trust: 0.3

vendor:f5model:big-ip link controllerscope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip link controllerscope:neversion:12.1.3.6

Trust: 0.3

vendor:f5model:big-ip gtmscope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:neversion:14.0.0.3

Trust: 0.3

vendor:f5model:big-ip gtmscope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip gtmscope:neversion:12.1.3.6

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip dnsscope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip dnsscope:neversion:14.0.0.3

Trust: 0.3

vendor:f5model:big-ip dnsscope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip dnsscope:neversion:12.1.3.6

Trust: 0.3

vendor:f5model:big-ip asmscope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip asmscope:neversion:14.0.0.3

Trust: 0.3

vendor:f5model:big-ip asmscope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip asmscope:neversion:12.1.3.6

Trust: 0.3

vendor:f5model:big-ip apmscope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip apmscope:neversion:14.0.0.3

Trust: 0.3

vendor:f5model:big-ip apmscope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip apmscope:neversion:12.1.3.6

Trust: 0.3

vendor:f5model:big-ip analyticsscope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:neversion:14.0.0.3

Trust: 0.3

vendor:f5model:big-ip analyticsscope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip analyticsscope:neversion:12.1.3.6

Trust: 0.3

vendor:f5model:big-ip afmscope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip afmscope:neversion:14.0.0.3

Trust: 0.3

vendor:f5model:big-ip afmscope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip afmscope:neversion:12.1.3.6

Trust: 0.3

vendor:f5model:big-ip aamscope:neversion:14.1

Trust: 0.3

vendor:f5model:big-ip aamscope:neversion:14.0.0.3

Trust: 0.3

vendor:f5model:big-ip aamscope:neversion:13.1.0.6

Trust: 0.3

vendor:f5model:big-ip aamscope:neversion:12.1.3.6

Trust: 0.3

vendor:apachemodel:apr-utilscope:neversion:1.6.3

Trust: 0.3

sources: BID: 101560 // JVNDB: JVNDB-2017-009633 // CNNVD: CNNVD-201710-1140 // NVD: CVE-2017-12613

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12613
value: HIGH

Trust: 1.0

NVD: CVE-2017-12613
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-1140
value: HIGH

Trust: 0.6

VULMON: CVE-2017-12613
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-12613
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2017-12613
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2017-12613
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2017-12613 // JVNDB: JVNDB-2017-009633 // CNNVD: CNNVD-201710-1140 // NVD: CVE-2017-12613

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2017-009633 // NVD: CVE-2017-12613

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201710-1140

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201710-1140

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009633

PATCH

title:Revision 1807976url:https://svn.apache.org/viewvc?view=revision&revision=1807976

Trust: 0.8

title:[Announce] Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Releasedurl:https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E

Trust: 0.8

title:Apache Portable Runtime Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75975

Trust: 0.6

title:Red Hat: Important: apr security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173270 - Security Advisory

Trust: 0.1

title:Red Hat: Important: apr security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20181253 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd24-apr security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20180316 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173476 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173477 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-928url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-928

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173475 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: apr: CVE-2021-35940url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=5e2c059c594375a9d2d057d113f3ebb3

Trust: 0.1

title:Debian CVElist Bug Report Logs: apr-util: CVE-2017-12618url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=0c479ddd46c3cd7bf25cdba9c0b98fc7

Trust: 0.1

title:Debian CVElist Bug Report Logs: apr: CVE-2017-12613url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=8dd946abfc105514416d717cf93b9295

Trust: 0.1

title:Arch Linux Advisories: [ASA-201710-32] apr: information disclosureurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201710-32

Trust: 0.1

title:Red Hat: CVE-2017-12613url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-12613

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20180466 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20180465 - Security Advisory

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-12613

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=ad93b14b1ee3141c8131a0ba5a4f74ac

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=586e6062440cdd312211d748e028164e

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=7251d5e5f2b1771951980ad7cfde50ba

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2021-35940

Trust: 0.1

title:CVE-2021-35940url:https://github.com/AlAIAL90/CVE-2021-35940

Trust: 0.1

sources: VULMON: CVE-2017-12613 // JVNDB: JVNDB-2017-009633 // CNNVD: CNNVD-201710-1140

EXTERNAL IDS

db:NVDid:CVE-2017-12613

Trust: 3.5

db:BIDid:101560

Trust: 2.0

db:SECTRACKid:1042004

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/08/23/1

Trust: 1.7

db:JVNDBid:JVNDB-2017-009633

Trust: 0.8

db:AUSCERTid:ESB-2018.0660.10

Trust: 0.6

db:AUSCERTid:ESB-2019.1429

Trust: 0.6

db:AUSCERTid:ESB-2022.0349

Trust: 0.6

db:NSFOCUSid:37867

Trust: 0.6

db:CNNVDid:CNNVD-201710-1140

Trust: 0.6

db:VULMONid:CVE-2017-12613

Trust: 0.1

db:PACKETSTORMid:150108

Trust: 0.1

db:PACKETSTORMid:147393

Trust: 0.1

db:PACKETSTORMid:146682

Trust: 0.1

db:PACKETSTORMid:145457

Trust: 0.1

db:PACKETSTORMid:146687

Trust: 0.1

db:PACKETSTORMid:145141

Trust: 0.1

db:PACKETSTORMid:146384

Trust: 0.1

sources: VULMON: CVE-2017-12613 // BID: 101560 // JVNDB: JVNDB-2017-009633 // PACKETSTORM: 150108 // PACKETSTORM: 147393 // PACKETSTORM: 146682 // PACKETSTORM: 145457 // PACKETSTORM: 146687 // PACKETSTORM: 145141 // PACKETSTORM: 146384 // CNNVD: CNNVD-201710-1140 // NVD: CVE-2017-12613

REFERENCES

url:http://www.securityfocus.com/bid/101560

Trust: 2.3

url:https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3cannounce.apache.org%3e

Trust: 2.0

url:https://access.redhat.com/errata/rhsa-2017:3270

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2017:3477

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:0316

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:0466

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:0465

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:1253

Trust: 1.8

url:https://svn.apache.org/viewvc?view=revision&revision=1807976

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2017:3476

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2017:3475

Trust: 1.7

url:http://www.apache.org/dist/apr/announcement1.x.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html

Trust: 1.7

url:http://www.securitytracker.com/id/1042004

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/08/23/1

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-12613

Trust: 1.5

url:https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3ccommits.apr.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3ccommits.apr.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3cdev.apr.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3cannounce.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3cdev.apr.apache.org%3e

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12613

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2017-12613

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.6

url:http://www.nsfocus.net/vulndb/37867

Trust: 0.6

url:https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b@%3cannounce.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9@%3ccommits.apr.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339@%3ccommits.apr.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e@%3cdev.apr.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8@%3cdev.apr.apache.org%3e

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=swg22014121

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10880665

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79734

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0349

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2018.0660.10/

Trust: 0.6

url:https://access.redhat.com/security/team/key/

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:http://www.apache.org/

Trust: 0.3

url:https://support.f5.com/csp/article/k52319810

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-12617

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-12616

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-12617

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-15698

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1305

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-12615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-12615

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1304

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1304

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-12616

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1305

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-15698

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=56070

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-14064

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4203

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10784

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4334

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4288

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4326

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-17405

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4291

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4340

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4304

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4286

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4126

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-14033

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4331

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4310

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4259

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4295

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4242

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-17742

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3646

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4287

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3639

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-9798

Trust: 0.1

url:https://access.redhat.com/documentation/en/red-hat-jboss-core-services/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-7679

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-3167

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7679

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-3169

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-9798

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3167

Trust: 0.1

url:https://access.redhat.com/solutions/2435491

Trust: 0.1

url:https://access.redhat.com/security/vulnerabilities/httpoxy

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=3.1

Trust: 0.1

sources: VULMON: CVE-2017-12613 // BID: 101560 // JVNDB: JVNDB-2017-009633 // PACKETSTORM: 150108 // PACKETSTORM: 147393 // PACKETSTORM: 146682 // PACKETSTORM: 145457 // PACKETSTORM: 146687 // PACKETSTORM: 145141 // PACKETSTORM: 146384 // CNNVD: CNNVD-201710-1140 // NVD: CVE-2017-12613

CREDITS

The vendor reported this issue.

Trust: 0.9

sources: BID: 101560 // CNNVD: CNNVD-201710-1140

SOURCES

db:VULMONid:CVE-2017-12613
db:BIDid:101560
db:JVNDBid:JVNDB-2017-009633
db:PACKETSTORMid:150108
db:PACKETSTORMid:147393
db:PACKETSTORMid:146682
db:PACKETSTORMid:145457
db:PACKETSTORMid:146687
db:PACKETSTORMid:145141
db:PACKETSTORMid:146384
db:CNNVDid:CNNVD-201710-1140
db:NVDid:CVE-2017-12613

LAST UPDATE DATE

2024-11-23T19:39:42.999000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2017-12613date:2023-11-07T00:00:00
db:BIDid:101560date:2019-02-14T08:00:00
db:JVNDBid:JVNDB-2017-009633date:2017-11-16T00:00:00
db:CNNVDid:CNNVD-201710-1140date:2022-01-26T00:00:00
db:NVDid:CVE-2017-12613date:2024-11-21T03:09:53.687

SOURCES RELEASE DATE

db:VULMONid:CVE-2017-12613date:2017-10-24T00:00:00
db:BIDid:101560date:2017-10-23T00:00:00
db:JVNDBid:JVNDB-2017-009633date:2017-11-16T00:00:00
db:PACKETSTORMid:150108date:2018-10-31T15:50:04
db:PACKETSTORMid:147393date:2018-04-27T14:51:47
db:PACKETSTORMid:146682date:2018-03-07T18:08:49
db:PACKETSTORMid:145457date:2017-12-17T15:29:14
db:PACKETSTORMid:146687date:2018-03-07T18:12:55
db:PACKETSTORMid:145141date:2017-11-28T23:25:00
db:PACKETSTORMid:146384date:2018-02-13T19:22:00
db:CNNVDid:CNNVD-201710-1140date:2017-10-31T00:00:00
db:NVDid:CVE-2017-12613date:2017-10-24T01:29:02