| Severity | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE ID | CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 CVE-2017-9798 CVE-2017-12613 |
| CVSSv3 |
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] 5.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C] 5.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C] 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C] |
| CWE ID | CWE-592 CWE-125 CWE-416 CWE-200 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
Red Hat Enterprise Linux |
| Vulnerable software versions |
Red Hat Enterprise Linux 6 |
| Vendor URL | Red Hat Inc. |
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to usage of the ap_get_basic_auth_pw() function by third-party modules outside of the authentication phase. A remote attacker can create a specially crafted HTTP request to vulnerable web server, bypass authentication requirements and gain unauthorized access to otherwise protected information.
RemediationInstall update from vendor's website.
External linkshttps://access.redhat.com/errata/RHSA-2017:3477
The vulnerability allows a remote attacker to perform denial of service attack.
The vulnerability exists due to a NULL pointer dereference error within mod_ssl module, when third-party modules call ap_hook_process_connection() function during an HTTP request to an HTTPS port. A remote attacker can send a specially crafted HTTP request and crash the affected web server.
RemediationInstall update from vendor's website.
External linkshttps://access.redhat.com/errata/RHSA-2017:3477
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to out-of-bounds read within the mod_mime when constructing Content-Type response header. A remote attacker read one byte pas the end of a buffer when sending a malicious Content-Type response header.
Remediation
Install update from vendor's website.
External linkshttps://access.redhat.com/errata/RHSA-2017:3477
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to use-after-free error when processing HTTP OPTIONS requests in server/core.c, when limits are configured in .htaccess or httpd.conf configuration files. A remote unauthenticated attacker can read portions of memory through HTTP OPTIONS requests and gain access to potentially sensitive data.
The vulnerability is dubbed Optionsbleed.
RemediationInstall update from vendor's website.
External linkshttps://access.redhat.com/errata/RHSA-2017:3477
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an out-of-bounds array dereference in the apr_time_exp_get() function. A remote attacker can access prior out-of-bounds memory, reveal the contents of a different static heap value and read arbitrary files or cause the application to crash.
Install update from vendor's website.
External linkshttps://access.redhat.com/errata/RHSA-2017:3477