7.5
CVSSv3

CVE-2016-0736

Published: 27/07/2017 Updated: 21/11/2024

Vulnerability Summary

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server 2.4.0

apache http server 2.4.1

apache http server 2.4.2

apache http server 2.4.3

apache http server 2.4.6

apache http server 2.4.7

apache http server 2.4.8

apache http server 2.4.9

apache http server 2.4.10

apache http server 2.4.12

apache http server 2.4.14

apache http server 2.4.16

apache http server 2.4.19

apache http server 2.4.20

apache http server 2.4.21

apache http server 2.4.22

apache http server 2.4.23

Vendor Advisories

Several security issues were fixed in Apache HTTP Server ...
Debian Bug report logs - #847124 apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used Package: src:apache2; Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 5 Dec 2016 20:1 ...
Several vulnerabilities were discovered in the Apache2 HTTP server CVE-2016-0736 RedTeam Pentesting GmbH discovered that mod_session_crypto was vulnerable to padding oracle attacks, which could allow an attacker to guess the session cookie CVE-2016-2161 Maksim Malyutin discovered that malicious input to mod_auth_digest could cause the ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2423 Service Pack 1 for RHEL 7 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core Services on RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2423 Service Pack 1 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2423 Service Pack 1 for RHEL 6 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core Services on RHEL 6Red Hat Product Security has rated this update as having a security impact of Important A ...
Synopsis Moderate: httpd24-httpd security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated httpd24 packages are now available as a part of Red Hat Software Collections 24 for Red Hat Enterprise LinuxRed Hat Product Security has rated this update as having a security ...
Synopsis Moderate: httpd security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for httpd is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base s ...
The following security-related issues were fixed: Padding oracle vulnerability in Apache mod_session_crypto (CVE-2016-0736)DoS vulnerability in mod_auth_digest (CVE-2016-2161)Apache HTTP request parsing whitespace defects (CVE-2016-8743) ...
SecurityCenter has recently been discovered to contain several vulnerabilities Four issues in the SC code were discovered during internal testing by Barry Clark, and several third-party libraries were upgraded as part of our internal security process Note that the library vulnerabilities were not fully diagnosed so SecurityCenter is possibly impa ...

Exploits

''' Advisory: Padding Oracle in Apache mod_session_crypto During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in mod_session_crypto of the Apache web server This vulnerability can be exploited to decrypt the session data and even encrypt attacker-specified data Details ======= Product: Apache HTTP Server mo ...
Apache mod_session_crypto versions 23 through 25 suffer form a padding oracle vulnerability ...