{"containers": {"cna": {"affected": [{"product": "mod_cluster", "vendor": "Red Hat, Inc.", "versions": [{"status": "affected", "version": "httpd 2.4.23"}]}], "datePublic": "2016-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-02T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "94939", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94939"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180601-0005/"}, {"name": "RHSA-2017:0194", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:0194"}, {"name": "RHSA-2017:0193", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:0193"}, {"name": "RHSA-2016:2957", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387605"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:27:41.111Z"}, "title": "CVE Program Container", "references": [{"name": "94939", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94939"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20180601-0005/"}, {"name": "RHSA-2017:0194", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:0194"}, {"name": "RHSA-2017:0193", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:0193"}, {"name": "RHSA-2016:2957", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387605"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-8612", "dateReserved": "2016-10-12T00:00:00", "dateUpdated": "2024-08-06T02:27:41.111Z", "state": "PUBLISHED", "datePublished": "2018-03-09T20:00:00Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "77209686-DDBE-44AD-8C6E-6AD5EFB0FBE6", "versionEndExcluding": "2.4.23", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process."}, {"lang": "es", "value": "Apache HTTP Server mod_cluster, en versiones anteriores a httpd 2.4.23, es vulnerable a una validaci\u00f3n de entradas incorrecta en la l\u00f3gica de an\u00e1lisis de protocolo en el balanceador de carga, lo que resulta en un fallo de segmentaci\u00f3n en el proceso httpd en servicio."}], "id": "CVE-2016-8612", "lastModified": "2023-02-12T23:26:02.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-09T20:29:00.410", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94939"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0193"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0194"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387605"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180601-0005/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-httpd-0:2.4.23-102.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_auth_kerb-0:5.4-35.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_bmx-0:0.9.6-14.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.5-13.Final_redhat_1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_jk-0:1.2.41-14.redhat_1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_rt-0:2.4.1-16.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_security-0:2.9.1-18.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-nghttp2-0:1.12.0-9.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-openssl-1:1.0.2h-12.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.23-102.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_auth_kerb-0:5.4-35.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_bmx-0:0.9.6-14.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.5-13.Final_redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.41-14.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_rt-0:2.4.1-16.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.1-18.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.12.0-9.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.0.2h-12.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2016:2957", "cpe": "cpe:/a:redhat:jboss_core_services:1", "product_name": "Red Hat JBoss Core Services 1", "release_date": "2016-12-15T00:00:00Z"}], "bugzilla": {"description": "mod_cluster: Protocol parsing logic error", "id": "1387605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387605"}, "csaw": false, "cvss": {"cvss_base_score": "2.9", "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-20", "details": ["Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.", "An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process."], "name": "CVE-2016-8612", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Will not fix", "package_name": "mod_cluster", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Will not fix", "package_name": "mod_cluster", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "mod_cluster", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Will not fix", "package_name": "mod_cluster", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Affected", "package_name": "mod_cluster", "product_name": "Red Hat JBoss Enterprise Web Server 3"}], "public_date": "2016-12-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-8612\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8612"], "threat_severity": "Low"}