CVE-2017-9788 - Improper Input Validation vulnerability in multiple products

CVSS 9.1 - CRITICAL

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: HIGH

Tags: network, low complexity, apache, debian, apple, netapp, redhat, oracle, CWE-20, critical, nessus

Summary

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

Vulnerable Configurations

Part          Description   Count
Application   Apache        211
Application   Netapp        2
Application   Redhat        4
Application   Oracle        1
OS            Debian        2
OS            Apple         132
OS            Redhat        22

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1178.NASL
    description: According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the httpd
    last seen: 2020-05-06
    modified: 2017-09-08
    plugin id: 103016
    published: 2017-09-08
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/103016
    title: EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1178)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-3113.NASL
    description: An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References. This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as an update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Users of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104456
    published: 2017-11-08
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104456
    title: RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113) (Optionsbleed)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2017-2479.NASL
    description: From Red Hat Security Advisory 2017:2479 : An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102515
    published: 2017-08-16
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102515
    title: Oracle Linux 7 : httpd (ELSA-2017-2479)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-3195.NASL
    description: An update for httpd is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104541
    published: 2017-11-14
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104541
    title: RHEL 6 : httpd (RHSA-2017:3195) (Optionsbleed)
  • NASL family: Junos Local Security Checks
    NASL id: JUNIPER_SPACE_JSA_10838.NASL
    description: According to its self-reported version number, the remote Junos Space version is prior to 17.2R1. It is, therefore, affected by multiple vulnerabilities.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 108520
    published: 2018-03-21
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/108520
    title: Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3370-1.NASL
    description: Robert Swiecki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly obtain sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102034
    published: 2017-07-28
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102034
    title: Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : apache2 vulnerability (USN-3370-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-1961-1.NASL
    description: This update for apache2 fixes the following issues: Security issue fixed : - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576) Bug fixes : - Include individual sysconfig.d files instead of the whole sysconfig.d directory. - Include sysconfig.d/include.conf after httpd.conf is processed. (bsc#1023616, bsc#1043055) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102013
    published: 2017-07-27
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102013
    title: SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:1961-1)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2017-004.NASL
    description: The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities affecting the following components : - 802.1X - apache - AppleScript - ATS - Audio - CFString - CoreText - curl - Dictionary Widget - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - ImageIO - Kernel - libarchive - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - Sandbox - StreamingZip - tcpdump - Wi-Fi
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104379
    published: 2017-11-03
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104379
    title: macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2017-2478.NASL
    description: An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102505
    published: 2017-08-16
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102505
    title: CentOS 6 : httpd (CESA-2017:2478)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-2479.NASL
    description: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102519
    published: 2017-08-16
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102519
    title: RHEL 7 : httpd (RHSA-2017:2479)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0027_HTTPD.NASL
    description: An update of the httpd package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121721
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121721
    title: Photon OS 1.0: Httpd PHSA-2017-0027
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOS_10_13.NASL
    description: The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - AppSandbox - AppleScript - Application Firewall - ATS - Audio - CFNetwork - CFNetwork Proxies - CFString - Captive Network Assistant - CoreAudio - CoreText - DesktopServices - Directory Utility - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - IOFireWireFamily - ImageIO - Installer - Kernel - kext tools - libarchive - libc - libexpat - Mail - Mail Drafts - ntp - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - SQLite - Sandbox - Screen Lock - Security - Spotlight - WebKit - zlib Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 103598
    published: 2017-10-03
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/103598
    title: macOS < 10.13 Multiple Vulnerabilities
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201710-32.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201710-32 (Apache: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details. Impact : The Optionsbleed vulnerability can leak arbitrary memory from the server process that may contain secrets. Additionally attackers may cause a Denial of Service condition, bypass authentication, or cause information loss. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104233
    published: 2017-10-30
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104233
    title: GLSA-201710-32 : Apache: Multiple vulnerabilities (Optionsbleed)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2017-2478.NASL
    description: From Red Hat Security Advisory 2017:2478 : An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102514
    published: 2017-08-16
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102514
    title: Oracle Linux 6 : httpd (ELSA-2017-2478)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1389.NASL
    description: According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. (CVE-2018-17199) - It was discovered that the use of httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124892
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124892
    title: EulerOS Virtualization for ARM 64 3.0.1.0 : httpd (EulerOS-SA-2019-1389)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20170815_HTTPD_ON_SL7_X.NASL
    description: Security Fix(es) : - It was discovered that the httpd
    last seen: 2020-03-18
    modified: 2017-08-22
    plugin id: 102668
    published: 2017-08-22
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102668
    title: Scientific Linux Security Update : httpd on SL7.x x86_64 (20170815)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1177.NASL
    description: According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the httpd
    last seen: 2020-05-06
    modified: 2017-09-08
    plugin id: 103015
    published: 2017-09-08
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/103015
    title: EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1177)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-1997-1.NASL
    description: This update provides apache2 2.2.34, which brings many fixes and enhancements: Security issues fixed : - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576) Bug fixes : - Remove /usr/bin/http2 link only during package uninstall, not upgrade. (bsc#1041830) - Don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102068
    published: 2017-07-31
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102068
    title: SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:1997-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-865.NASL
    description: This update for apache2 fixes the following issues : Security issue fixed : - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576) Bug fixes : - Include individual sysconfig.d files instead of the whole sysconfig.d directory. - Include sysconfig.d/include.conf after httpd.conf is processed. (bsc#1023616, bsc#1043055) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen: 2020-06-05
    modified: 2017-07-31
    plugin id: 102055
    published: 2017-07-31
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/102055
    title: openSUSE Security Update : apache2 (openSUSE-2017-865)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-3193.NASL
    description: An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104539
    published: 2017-11-14
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104539
    title: RHEL 7 : httpd (RHSA-2017:3193) (Optionsbleed)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-3240.NASL
    description: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 21st November 2017] Previously, this erratum was marked as a replacement of the JBoss Enterprise Application Platform 6.4.16 Natives. This was incorrect; the erratum is an update, not a replacement. The erratum text has been modified to reflect this. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. This release of JBoss Enterprise Application Platform 6.4.18 Natives serves as an update to the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References. All users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104699
    published: 2017-11-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104699
    title: RHEL 6 / 7 : JBoss EAP (RHSA-2017:3240) (Optionsbleed)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL
    description: The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities: - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. (CVE-2005-1268) - The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding: chunked header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka HTTP Request Smuggling. (CVE-2005-2088) - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using SSLVerifyClient optional in the global virtual host configuration, does not properly enforce SSLVerifyClient require in a per-location context, which allows remote attackers to bypass intended access restrictions. (CVE-2005-2700) - The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. (CVE-2005-2728) - Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. (CVE-2005-3352) - mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. (CVE-2005-3357) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452) - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. (CVE-2011-3638) - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743) - It was discovered that the use of httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127360
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127360
    title: NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-2709.NASL
    description: An update is now available for JBoss Core Services on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 103240
    published: 2017-09-15
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/103240
    title: RHEL 7 : JBoss Core Services (RHSA-2017:2709)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZLSA-2017-2478.NASL
    description: An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119222
    published: 2018-11-27
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119222
    title: Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-2478)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2017-2479.NASL
    description: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102767
    published: 2017-08-25
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102767
    title: CentOS 7 : httpd (CESA-2017:2479)
  • NASL family: Web Servers
    NASL id: APACHE_2_2_34.NASL
    description: According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.34. It is, therefore, affected by the following vulnerabilities : - An authentication bypass vulnerability exists in httpd due to third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase. An unauthenticated, remote attacker can exploit this to bypass authentication requirements. (CVE-2017-3167) - A denial of service vulnerability exists in httpd due to a NULL pointer dereference flaw that is triggered when a third-party module calls the mod_ssl ap_hook_process_connection() function during an HTTP request to an HTTPS port. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-3169) - A denial of service vulnerability exists in httpd due to an out-of-bounds read error in the ap_find_token() function that is triggered when handling a specially crafted request header sequence. An unauthenticated, remote attacker can exploit this to crash the service or force ap_find_token() to return an incorrect value. (CVE-2017-7668) - A denial of service vulnerability exists in httpd due to an out-of-bounds read error in the mod_mime that is triggered when handling a specially crafted Content-Type response header. An unauthenticated, remote attacker can exploit this to disclose sensitive information or cause a denial of service condition. (CVE-2017-7679) - A denial of service vulnerability exists in httpd due to a failure to initialize or reset the value placeholder in [Proxy-]Authorization headers of type
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101787
    published: 2017-07-18
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101787
    title: Apache 2.2.x < 2.2.34 Multiple Vulnerabilities
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3913.NASL
    description: Robert Swiecki reported that mod_auth_digest does not properly initialize or reset the value placeholder in [Proxy-]Authorization headers of type
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101793
    published: 2017-07-19
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101793
    title: Debian DSA-3913-1 : apache2 - security update
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_457CE01567FA11E7867FB499BAEBFEAF.NASL
    description: The Apache httpd project reports : important: Read after free in mod_http2 (CVE-2017-9789) When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. important: Uninitialized memory reflection in mod_auth_digest (CVE-2017-9788) The value placeholder in [Proxy-]Authorization headers of type
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101540
    published: 2017-07-14
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101540
    title: FreeBSD : Apache httpd -- multiple vulnerabilities (457ce015-67fa-11e7-867f-b499baebfeaf)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2017-194-01.NASL
    description: New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101532
    published: 2017-07-14
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/101532
    title: Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-194-01)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-3194.NASL
    description: An update for httpd is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104540
    published: 2017-11-14
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104540
    title: RHEL 7 : httpd (RHSA-2017:3194) (Optionsbleed)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1419.NASL
    description: According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. (CVE-2014-0098) - A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124922
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124922
    title: EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)
  • NASL family: Web Servers
    NASL id: APACHE_2_4_27.NASL
    description: According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.27. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in httpd due to a failure to initialize or reset the value placeholder in [Proxy-]Authorization headers of type
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101788
    published: 2017-07-18
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101788
    title: Apache 2.4.x < 2.4.27 Multiple Vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-2449-1.NASL
    description: This update for apache2 provides the following fixes: Security issues fixed : - CVE-2017-9788: The value placeholder in [Proxy-]Authorization headers of type
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 103215
    published: 2017-09-14
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/103215
    title: SUSE SLES12 Security Update : Recommended update for apache2 (SUSE-SU-2017:2449-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1028.NASL
    description: Robert Swiecki discovered that the value placeholder in [Proxy-]Authorization Digest headers was not initialized or reset before or between successive key=value assignments in Apache 2
    last seen: 2020-03-17
    modified: 2017-07-18
    plugin id: 101774
    published: 2017-07-18
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101774
    title: Debian DLA-1028-1 : apache2 security update
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-2756-1.NASL
    description: This update for apache2 fixes several issues. These security issues were fixed : - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058) - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest could have led to leakage of potentially confidential information, and a segfault in other cases resulting in DoS (bsc#1048576). - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header (bsc#1045060). - CVE-2017-3169: mod_ssl may have dereferenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS (bsc#1045062). - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have led to authentication requirements being bypassed (bsc#1045065). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 103961
    published: 2017-10-19
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/103961
    title: SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2756-1) (Optionsbleed)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2017-892.NASL
    description: A NULL pointer dereference flaw was found in the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 103226
    published: 2017-09-15
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/103226
    title: Amazon Linux AMI : httpd (ALAS-2017-892)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20170815_HTTPD_ON_SL6_X.NASL
    description: Security Fix(es) : - It was discovered that the httpd
    last seen: 2020-03-18
    modified: 2017-08-16
    plugin id: 102521
    published: 2017-08-16
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102521
    title: Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20170815)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-2478.NASL
    description: An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102535
    published: 2017-08-17
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102535
    title: RHEL 6 : httpd (RHSA-2017:2478)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-2710.NASL
    description: An update is now available for JBoss Core Services on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * It was discovered that the httpd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 103241
    published: 2017-09-15
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/103241
    title: RHEL 6 : JBoss Core Services (RHSA-2017:2710)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0027.NASL
    description: An update of [httpd] packages for PhotonOS has been released.
    last seen: 2019-02-08
    modified: 2019-02-07
    plugin id: 111876
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111876
    title: Photon OS 1.0: Httpd PHSA-2017-0027 (deprecated)

Redhat

advisories
  • bugzilla
    id: 1470748
    title: CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 6 is installed
        oval: oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment: httpd-manual is earlier than 0:2.2.15-60.el6_9.5
            oval: oval:com.redhat.rhsa:tst:20172478001
          • comment: httpd-manual is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20111245022
        • AND
          • comment: httpd is earlier than 0:2.2.15-60.el6_9.5
            oval: oval:com.redhat.rhsa:tst:20172478003
          • comment: httpd is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20111245028
        • AND
          • comment: mod_ssl is earlier than 1:2.2.15-60.el6_9.5
            oval: oval:com.redhat.rhsa:tst:20172478005
          • comment: mod_ssl is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20111245026
        • AND
          • comment: httpd-devel is earlier than 0:2.2.15-60.el6_9.5
            oval: oval:com.redhat.rhsa:tst:20172478007
          • comment: httpd-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20111245024
        • AND
          • comment: httpd-tools is earlier than 0:2.2.15-60.el6_9.5
            oval: oval:com.redhat.rhsa:tst:20172478009
          • comment: httpd-tools is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20111245030
    rhsa
    id: RHSA-2017:2478
    released: 2017-08-15
    severity: Important
    title: RHSA-2017:2478: httpd security update (Important)
  • bugzilla
    id: 1470748
    title: CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: httpd-manual is earlier than 0:2.4.6-67.el7_4.2
            oval: oval:com.redhat.rhsa:tst:20172479001
          • comment: httpd-manual is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20111245022
        • AND
          • comment: mod_session is earlier than 0:2.4.6-67.el7_4.2
            oval: oval:com.redhat.rhsa:tst:20172479003
          • comment: mod_session is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140921012
        • AND
          • comment: httpd is earlier than 0:2.4.6-67.el7_4.2
            oval: oval:com.redhat.rhsa:tst:20172479005
          • comment: httpd is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20111245028
        • AND
          • comment: mod_proxy_html is earlier than 1:2.4.6-67.el7_4.2
            oval: oval:com.redhat.rhsa:tst:20172479007
          • comment: mod_proxy_html is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140921016
        • AND
          • comment: httpd-tools is earlier than 0:2.4.6-67.el7_4.2
            oval: oval:com.redhat.rhsa:tst:20172479009
          • comment: httpd-tools is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20111245030
        • AND
          • comment: mod_ssl is earlier than 1:2.4.6-67.el7_4.2
            oval: oval:com.redhat.rhsa:tst:20172479011
          • comment: mod_ssl is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20111245026
        • AND
          • comment: mod_ldap is earlier than 0:2.4.6-67.el7_4.2
            oval: oval:com.redhat.rhsa:tst:20172479013
          • comment: mod_ldap is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140921014
        • AND
          • comment: httpd-devel is earlier than 0:2.4.6-67.el7_4.2
            oval: oval:com.redhat.rhsa:tst:20172479015
          • comment: httpd-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20111245024
    rhsa
    id: RHSA-2017:2479
    released: 2017-08-15
    severity: Important
    title: RHSA-2017:2479: httpd security update (Important)
  • rhsa
    id: RHSA-2017:2483
  • rhsa
    id: RHSA-2017:2708
  • rhsa
    id: RHSA-2017:2709
  • rhsa
    id: RHSA-2017:2710
  • rhsa
    id: RHSA-2017:3113
  • rhsa
    id: RHSA-2017:3114
  • rhsa
    id: RHSA-2017:3193
  • rhsa
    id: RHSA-2017:3194
  • rhsa
    id: RHSA-2017:3195
  • rhsa
    id: RHSA-2017:3239
  • rhsa
    id: RHSA-2017:3240
rpms
  • httpd-0:2.2.15-60.el6_9.5
  • httpd-debuginfo-0:2.2.15-60.el6_9.5
  • httpd-devel-0:2.2.15-60.el6_9.5
  • httpd-manual-0:2.2.15-60.el6_9.5
  • httpd-tools-0:2.2.15-60.el6_9.5
  • mod_ssl-1:2.2.15-60.el6_9.5
  • httpd-0:2.4.6-67.el7_4.2
  • httpd-debuginfo-0:2.4.6-67.el7_4.2
  • httpd-devel-0:2.4.6-67.el7_4.2
  • httpd-manual-0:2.4.6-67.el7_4.2
  • httpd-tools-0:2.4.6-67.el7_4.2
  • mod_ldap-0:2.4.6-67.el7_4.2
  • mod_proxy_html-1:2.4.6-67.el7_4.2
  • mod_session-0:2.4.6-67.el7_4.2
  • mod_ssl-1:2.4.6-67.el7_4.2
  • httpd24-httpd-0:2.4.25-9.el6.1
  • httpd24-httpd-0:2.4.25-9.el7.1
  • httpd24-httpd-debuginfo-0:2.4.25-9.el6.1
  • httpd24-httpd-debuginfo-0:2.4.25-9.el7.1
  • httpd24-httpd-devel-0:2.4.25-9.el6.1
  • httpd24-httpd-devel-0:2.4.25-9.el7.1
  • httpd24-httpd-manual-0:2.4.25-9.el6.1
  • httpd24-httpd-manual-0:2.4.25-9.el7.1
  • httpd24-httpd-tools-0:2.4.25-9.el6.1
  • httpd24-httpd-tools-0:2.4.25-9.el7.1
  • httpd24-mod_ldap-0:2.4.25-9.el6.1
  • httpd24-mod_ldap-0:2.4.25-9.el7.1
  • httpd24-mod_proxy_html-1:2.4.25-9.el6.1
  • httpd24-mod_proxy_html-1:2.4.25-9.el7.1
  • httpd24-mod_session-0:2.4.25-9.el6.1
  • httpd24-mod_session-0:2.4.25-9.el7.1
  • httpd24-mod_ssl-1:2.4.25-9.el6.1
  • httpd24-mod_ssl-1:2.4.25-9.el7.1
  • jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7
  • jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7
  • jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7
  • jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7
  • jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7
  • jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7
  • jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6
  • jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6
  • jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6
  • jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6
  • jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6
  • jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6
  • jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6
  • httpd-0:2.2.26-57.ep6.el6
  • httpd-debuginfo-0:2.2.26-57.ep6.el6
  • httpd-devel-0:2.2.26-57.ep6.el6
  • httpd-manual-0:2.2.26-57.ep6.el6
  • httpd-tools-0:2.2.26-57.ep6.el6
  • httpd22-0:2.2.26-58.ep6.el7
  • httpd22-debuginfo-0:2.2.26-58.ep6.el7
  • httpd22-devel-0:2.2.26-58.ep6.el7
  • httpd22-manual-0:2.2.26-58.ep6.el7
  • httpd22-tools-0:2.2.26-58.ep6.el7
  • jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6
  • jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7
  • jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6
  • jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7
  • jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6
  • jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7
  • jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6
  • jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7
  • jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6
  • jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7
  • mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6
  • mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7
  • mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6
  • mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7
  • mod_ldap-0:2.2.26-57.ep6.el6
  • mod_ldap22-0:2.2.26-58.ep6.el7
  • mod_ssl-1:2.2.26-57.ep6.el6
  • mod_ssl22-1:2.2.26-58.ep6.el7
  • tomcat6-0:6.0.41-19_patch_04.ep6.el6
  • tomcat6-0:6.0.41-19_patch_04.ep6.el7
  • tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6
  • tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7
  • tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6
  • tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7
  • tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6
  • tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7
  • tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6
  • tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7
  • tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6
  • tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7
  • tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6
  • tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7
  • tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6
  • tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7
  • tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6
  • tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7
  • tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6
  • tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7
  • tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6
  • tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7
  • tomcat7-0:7.0.54-28_patch_05.ep6.el6
  • tomcat7-0:7.0.54-28_patch_05.ep6.el7
  • tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6
  • tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7
  • tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6
  • tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7
  • tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6
  • tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7
  • tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6
  • tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7
  • tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6
  • tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7
  • tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6
  • tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7
  • tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6
  • tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7
  • tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6
  • tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7
  • tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6
  • tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7
  • tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6
  • tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7
  • httpd-0:2.4.6-40.el7_2.6
  • httpd-debuginfo-0:2.4.6-40.el7_2.6
  • httpd-devel-0:2.4.6-40.el7_2.6
  • httpd-manual-0:2.4.6-40.el7_2.6
  • httpd-tools-0:2.4.6-40.el7_2.6
  • mod_ldap-0:2.4.6-40.el7_2.6
  • mod_proxy_html-1:2.4.6-40.el7_2.6
  • mod_session-0:2.4.6-40.el7_2.6
  • mod_ssl-1:2.4.6-40.el7_2.6
  • httpd-0:2.4.6-45.el7_3.5
  • httpd-debuginfo-0:2.4.6-45.el7_3.5
  • httpd-devel-0:2.4.6-45.el7_3.5
  • httpd-manual-0:2.4.6-45.el7_3.5
  • httpd-tools-0:2.4.6-45.el7_3.5
  • mod_ldap-0:2.4.6-45.el7_3.5
  • mod_proxy_html-1:2.4.6-45.el7_3.5
  • mod_session-0:2.4.6-45.el7_3.5
  • mod_ssl-1:2.4.6-45.el7_3.5
  • httpd-0:2.2.15-47.el6_7.5
  • httpd-debuginfo-0:2.2.15-47.el6_7.5
  • httpd-devel-0:2.2.15-47.el6_7.5
  • httpd-manual-0:2.2.15-47.el6_7.5
  • httpd-tools-0:2.2.15-47.el6_7.5
  • mod_ssl-1:2.2.15-47.el6_7.5

References