Debian Bug report logs -
#868467
apache2: CVE-2017-9788
Package:
src:apache2;
Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 15 Jul 2017 19:27:01 UTC
Severity: important
Tags: fixed-upstream, security, upstream ...
Robert Swiecki reported that mod_auth_digest does not properly
initialize or reset the value placeholder in [Proxy-]Authorization
headers of type Digest between successive key=value assignments,
leading to information disclosure or denial of service
For the oldstable distribution (jessie), this problem has been fixed
in version 2410-10+deb8u10
...
Apache HTTP Server could be made to crash or leak sensitive information if
it received specially crafted network traffic ...
Apache HTTP Server could be made to crash or leak sensitive information if
it received specially crafted network traffic ...
Synopsis
Important: Red Hat JBoss Core Services security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sc ...
Synopsis
Important: Red Hat JBoss Core Services security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6418 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 64 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 64 for RHEL 7Red Hat Produ ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 72 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat JBoss Web Server security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Web Server 212 for RHEL 6 and Red Hat JBoss Enterprise Web Server 212 for RHEL 7Red Hat Product Security has rated this updat ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6418 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application PlatformRed Hat Product Security has rated this update as having a security impact of Important A Co ...
Synopsis
Important: Red Hat JBoss Core Services security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sc ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 73 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat JBoss Web Server security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Web Server 212Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
A NULL pointer dereference flaw was found in the httpd's mod_ssl module A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request (CVE-2017-3169)
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function ...
A security issue has been found in apache's mod_auth_digest <= 2426, leading to information disclosure or denial of service The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest Providing an initial key with no '=' assignment ...
Tenablesc leverages third-party software to help provide underlying functionality Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers
Out of caution and in line with good practice, Tenable opted to upgrade the bun ...