Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2016-3110

Published: 26/09/2016 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Jboss Enterprise Application Platform

Vulnerability Summary

mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote malicious users to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat jboss_enterprise_application_platform 6.0.0

redhat jboss_enterprise_application_platform 6.4.0

redhat jboss_enterprise_web_server 2.0.0

redhat jboss_enterprise_web_server 2.1

fedoraproject fedora 28

fedoraproject fedora 29

fedoraproject fedora 30

Vendor Advisories

Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 6410 natives update on RHEL 7 Type/Severity Security Advisory: Moderate Topic Updated packages that provide Red Hat JBoss Enterprise Application Platform 6410 natives, fix several bugs, and add various enhancements are now available for Re ...
Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 6
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 6410 natives update on RHEL 6 Type/Severity Security Advisory: Moderate Topic Updated packages that provide Red Hat JBoss Enterprise Application Platform 6410 natives, fix several bugs, and add various enhancements are now available for Re ...
Red Hat: CVE-2016-3110
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP) ...

References

CWE-20http://www.securityfocus.com/bid/92584https://bugzilla.redhat.com/show_bug.cgi?id=1326320http://rhn.redhat.com/errata/RHSA-2016-1650.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1648.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1649.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2056.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2055.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2054.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HE5YZTBZRXCMQFT5LDLZG2HAYBKMYQLL/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JMA2YLPK6SEUVF5Q3QEANHYEPRZA2RI/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CX5QNNIVAUB2VVDV6TR3YMFTL6VRKOBO/https://access.redhat.com/errata/RHSA-2016:2054https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2016-3110
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook