exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 11

BDU:2017-01806

больше 8 лет назад

Уязвимость модуля mod_session_crypto веб-сервера Apache HTTP Server, позволяющая нарушителю осуществить атаки типа Padding Oracle

CVSS2: 5

EPSS: Средний

CVE-2016-0736

больше 8 лет назад

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.

CVSS3: 7.5

EPSS: Средний

CVE-2016-0736

почти 9 лет назад

CVSS3: 5.4

EPSS: Средний

CVE-2016-0736

больше 8 лет назад

CVSS3: 7.5

EPSS: Средний

CVE-2016-0736

больше 8 лет назад

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was ...

CVSS3: 7.5

EPSS: Средний

GHSA-mxm5-vg5c-rx7v

больше 3 лет назад

CVSS3: 7.5

EPSS: Средний

openSUSE-SU-2017:0903-1

больше 8 лет назад

Security update for apache2

EPSS: Низкий

openSUSE-SU-2017:0897-1

больше 8 лет назад

Security update for apache2

EPSS: Низкий

SUSE-SU-2017:0801-1

больше 8 лет назад

Security update for apache2

EPSS: Низкий

SUSE-SU-2017:0797-1

больше 8 лет назад

Security update for apache2

EPSS: Низкий

ELSA-2017-0906

больше 8 лет назад

ELSA-2017-0906: httpd security and bug fix update (MODERATE)

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
BDU:2017-01806 Уязвимость модуля mod_session_crypto веб-сервера Apache HTTP Server, позволяющая нарушителю осуществить атаки типа Padding Oracle	CVSS2: 5	32% Средний	больше 8 лет назад
CVE-2016-0736 In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.	CVSS3: 7.5	32% Средний	больше 8 лет назад
CVE-2016-0736 In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.	CVSS3: 5.4	32% Средний	почти 9 лет назад
CVE-2016-0736 In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.	CVSS3: 7.5	32% Средний	больше 8 лет назад
CVE-2016-0736 In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was ...	CVSS3: 7.5	32% Средний	больше 8 лет назад
GHSA-mxm5-vg5c-rx7v In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.	CVSS3: 7.5	32% Средний	больше 3 лет назад
openSUSE-SU-2017:0903-1 Security update for apache2			больше 8 лет назад
openSUSE-SU-2017:0897-1 Security update for apache2			больше 8 лет назад
SUSE-SU-2017:0801-1 Security update for apache2			больше 8 лет назад
SUSE-SU-2017:0797-1 Security update for apache2			больше 8 лет назад
ELSA-2017-0906 ELSA-2017-0906: httpd security and bug fix update (MODERATE)			больше 8 лет назад

Уязвимостей на страницу