Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2016-0736

Published: 27/07/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Http Server

Vulnerability Summary

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server 2.4.1

apache http server 2.4.20

apache http server 2.4.6

apache http server 2.4.0

apache http server 2.4.12

apache http server 2.4.3

apache http server 2.4.23

apache http server 2.4.8

apache http server 2.4.10

apache http server 2.4.7

apache http server 2.4.14

apache http server 2.4.22

apache http server 2.4.2

apache http server 2.4.19

apache http server 2.4.16

apache http server 2.4.9

apache http server 2.4.21

Vendor Advisories

Debian CVElist Bug Report Logs: apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used
Debian Bug report logs - #847124 apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used Package: src:apache2; Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 5 Dec 2016 20:1 ...
Ubuntu Security Notice: apache2 vulnerabilities
Several security issues were fixed in Apache HTTP Server ...
Debian Security Advisories: DSA-3796-1 apache2 -- security update
Several vulnerabilities were discovered in the Apache2 HTTP server CVE-2016-0736 RedTeam Pentesting GmbH discovered that mod_session_crypto was vulnerable to padding oracle attacks, which could allow an attacker to guess the session cookie CVE-2016-2161 Maksim Malyutin discovered that malicious input to mod_auth_digest could cause the ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2423 Service Pack 1 for RHEL 7 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core Services on RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2423 Service Pack 1 for RHEL 6 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core Services on RHEL 6Red Hat Product Security has rated this update as having a security impact of Important A ...
Red Hat: Moderate: httpd security and bug fix update
Synopsis Moderate: httpd security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for httpd is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base s ...
Red Hat: Moderate: httpd24-httpd security, bug fix, and enhancement update
Synopsis Moderate: httpd24-httpd security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated httpd24 packages are now available as a part of Red Hat Software Collections 24 for Red Hat Enterprise LinuxRed Hat Product Security has rated this update as having a security ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2423 Service Pack 1 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability ...
Amazon Linux AMI: ALAS-2017-785
The following security-related issues were fixed: Padding oracle vulnerability in Apache mod_session_crypto (CVE-2016-0736)DoS vulnerability in mod_auth_digest (CVE-2016-2161)Apache HTTP request parsing whitespace defects (CVE-2016-8743) ...
Tenable Security Advisories: [R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities
SecurityCenter has recently been discovered to contain several vulnerabilities Four issues in the SC code were discovered during internal testing by Barry Clark, and several third-party libraries were upgraded as part of our internal security process Note that the library vulnerabilities were not fully diagnosed so SecurityCenter is possibly impa ...

Exploits

Exploit DB: Apache mod_session_crypto - Padding Oracle
''' Advisory: Padding Oracle in Apache mod_session_crypto During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in mod_session_crypto of the Apache web server This vulnerability can be exploited to decrypt the session data and even encrypt attacker-specified data Details ======= Product: Apache HTTP Server mo ...
Exploit DB: Apache mod_session_crypt 2.5 Padding Oracle
Apache mod_session_crypto versions 23 through 25 suffer form a padding oracle vulnerability ...

References

CWE-310https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-0736https://security.gentoo.org/glsa/201701-36https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_ushttp://www.securitytracker.com/id/1037508http://www.securityfocus.com/bid/95078https://www.exploit-db.com/exploits/40961/https://www.tenable.com/security/tns-2017-04http://www.debian.org/security/2017/dsa-3796https://support.apple.com/HT208221https://access.redhat.com/errata/RHSA-2017:1414https://access.redhat.com/errata/RHSA-2017:1413https://access.redhat.com/errata/RHSA-2017:1161https://access.redhat.com/errata/RHSA-2017:0906http://rhn.redhat.com/errata/RHSA-2017-1415.htmlhttps://security.netapp.com/advisory/ntap-20180423-0001/https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847124https://usn.ubuntu.com/3279-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/40961/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook