CVE-2016-8612

Опубликовано: 15 дек. 2016

Источник: redhat

CVSS3: 4.3

CVSS2: 2.9

EPSS Низкий

Описание

Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.

An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Enterprise Application Platform 5	mod_cluster	Will not fix
Red Hat JBoss Enterprise Application Platform 6	mod_cluster	Will not fix
Red Hat JBoss Enterprise Application Platform 7	mod_cluster	Not affected
Red Hat JBoss Enterprise Web Server 2	mod_cluster	Will not fix
Red Hat JBoss Enterprise Web Server 3	mod_cluster	Affected
JBoss Core Services on RHEL 6	jbcs-httpd24-httpd	Fixed	RHSA-2017:0193	25.01.2017
JBoss Core Services on RHEL 6	jbcs-httpd24-mod_auth_kerb	Fixed	RHSA-2017:0193	25.01.2017
JBoss Core Services on RHEL 6	jbcs-httpd24-mod_bmx	Fixed	RHSA-2017:0193	25.01.2017
JBoss Core Services on RHEL 6	jbcs-httpd24-mod_cluster-native	Fixed	RHSA-2017:0193	25.01.2017
JBoss Core Services on RHEL 6	jbcs-httpd24-mod_jk	Fixed	RHSA-2017:0193	25.01.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1387605mod_cluster: Protocol parsing logic error

EPSS

Процентиль: 80%

0.01319

Низкий

4.3 Medium

CVSS3

2.9 Low

CVSS2

Связанные уязвимости

CVE-2016-8612

CVSS3: 4.3

nvd

почти 8 лет назад

CVE-2016-8612

CVSS3: 4.3

debian

почти 8 лет назад

Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerab ...

GHSA-pw68-p55m-86x8

CVSS3: 4.3

github

больше 3 лет назад

EPSS

Процентиль: 80%

0.01319

Низкий

4.3 Medium

CVSS3

2.9 Low

CVSS2