RHSA-2017:1415HighCVSS 7.5
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1
🔗 CVE IDs covered (7)
📋 Description
CVE-2016-0736 — httpd: Padding Oracle in Apache mod_session_crypto CVE-2016-2161 — httpd: DoS vulnerability in mod_auth_digest CVE-2016-6304 — openssl: OCSP Status Request extension unbounded memory growth CVE-2016-7056 — openssl: ECDSA P-256 timing attack key recovery CVE-2016-8610 — SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS CVE-2016-8740 — httpd: Incomplete handling of LimitRequestFields directive in mod_http2 CVE-2016-8743 — httpd: Apache HTTP Request Parsing Whitespace Defects
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2017:1415
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.23
- externalhttps://access.redhat.com/documentation/en/red-hat-jboss-core-services/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1377600
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1384743
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1401528
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1406744
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1406753
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1406822
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1412120
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1415.json