RHSA-2018:2486HighCVSS 8.8

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update

Published
August 16, 2018
Last Modified
June 30, 2026

🔗 CVE IDs covered (31)

📋 Description

CVE-2016-0718 — expat: Out-of-bounds heap read on crafted input causing crash CVE-2016-4975 — httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir CVE-2016-5131 — libxml2: Use after free triggered by XPointer paths beginning with range-to CVE-2016-7167 — curl: escape and unescape integer overflows CVE-2016-8615 — curl: Cookie injection for other servers CVE-2016-8616 — curl: Case insensitive password comparison CVE-2016-8617 — curl: Out-of-bounds write via unchecked multiplication CVE-2016-8618 — curl: Double-free in curl_maprintf CVE-2016-8619 — curl: Double-free in krb5 code CVE-2016-8621 — curl: curl_getdate out-of-bounds read CVE-2016-8622 — curl: URL unescape heap overflow via integer truncation CVE-2016-8623 — curl: Use-after-free via shared cookies CVE-2016-8624 — curl: Invalid URL parsing with '#' CVE-2016-8625 — curl: IDNA 2003 makes curl use wrong host CVE-2016-9318 — libxml2: XML External Entity vulnerability CVE-2016-9596 — libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS) CVE-2016-9597 — libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS) CVE-2016-9598 — libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) CVE-2017-6004 — pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) CVE-2017-7186 — pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) CVE-2017-7244 — pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c) CVE-2017-7245 — pcre: stack-based buffer overflow write in pcre32_copy_substring CVE-2017-7246 — pcre: stack-based buffer overflow write in pcre32_copy_substring CVE-2017-9047 — libxml2: Buffer overflow in function xmlSnprintfElementContent CVE-2017-9048 — libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent CVE-2017-9049 — libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey CVE-2017-9050 — libxml2: Heap-based buffer over-read in function xmlDictAddString CVE-2017-18258 — libxml2: Unrestricted memory usage in xz_head() function in xzlib.c CVE-2017-1000254 — curl: FTP PWD response parser out of bounds read CVE-2017-1000257 — curl: IMAP FETCH response out of bounds read CVE-2018-0500 — curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP

🔗 References (25)