Vulnerability-Lookup

CVE-2016-8743 (GCVE-0-2016-8743)

Vulnerability from cvelistv5 – Published: 2017-07-27 21:00 – Updated: 2024-09-16 17:03

Summary

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.

Severity ?

No CVSS data available.

CWE

Request Smuggling, Response Splitting

Assigner

apache

References

URL

Tags

	https://support.apple.com/HT208221	x_refsource_CONFIRM
	http://www.debian.org/security/2017/dsa-3796	vendor-advisoryx_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:1721	vendor-advisoryx_refsource_REDHAT
	http://www.securitytracker.com/id/1037508	vdb-entryx_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:1413	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1161	vendor-advisoryx_refsource_REDHAT
	https://www.tenable.com/security/tns-2017-04	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1414	vendor-advisoryx_refsource_REDHAT
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/95077	vdb-entryx_refsource_BID
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-1415.html	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:0906	vendor-advisoryx_refsource_REDHAT
	https://httpd.apache.org/security/vulnerabilities…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201701-36	vendor-advisoryx_refsource_GENTOO
	https://security.netapp.com/advisory/ntap-2018042…	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/56c2e7cc9deb…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/84a3714f0878…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/8d63cb8e9100…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/f7f95ac1cd98…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r57608dc51b7…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rd18c3c43602…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/re3d27b6250a…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rfbaf647d52c…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rf6449464fd8…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r9ea3538f229…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rc998b18880d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/re1e3a24664d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r04e89e873d5…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rdca61ae9906…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r9f93cf6dde3…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r6521a7f6227…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rcc44594d4d6…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r94284b13954…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r4fe84db67fe…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r09b8a39d126…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rfcb6c7b9e7c…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rad01d817195…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r476d175be0a…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r75cbe9ea3e2…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache HTTP Server	Affected: 2.2.0 to 2.2.31, 2.4.1 to 2.4.23

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:34:59.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208221"
          },
          {
            "name": "DSA-3796",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3796"
          },
          {
            "name": "RHSA-2017:1721",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1721"
          },
          {
            "name": "1037508",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037508"
          },
          {
            "name": "RHSA-2017:1413",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1413"
          },
          {
            "name": "RHSA-2017:1161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1161"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-04"
          },
          {
            "name": "RHSA-2017:1414",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1414"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03753en_us"
          },
          {
            "name": "95077",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95077"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
          },
          {
            "name": "RHSA-2017:1415",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
          },
          {
            "name": "RHSA-2017:0906",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0906"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743"
          },
          {
            "name": "GLSA-201701-36",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888217 - /httpd/site/trunk/content/security/json/CVE-2016-8743.json",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073163 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2016-8743.json security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888221 - /httpd/site/trunk/content/security/json/CVE-2016-8743.json",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073161 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2016-8743.json security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "2.2.0 to 2.2.31, 2.4.1 to 2.4.23"
            }
          ]
        }
      ],
      "datePublic": "2016-12-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Request Smuggling, Response Splitting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-06T10:11:24.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208221"
        },
        {
          "name": "DSA-3796",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3796"
        },
        {
          "name": "RHSA-2017:1721",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1721"
        },
        {
          "name": "1037508",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037508"
        },
        {
          "name": "RHSA-2017:1413",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1413"
        },
        {
          "name": "RHSA-2017:1161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1161"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2017-04"
        },
        {
          "name": "RHSA-2017:1414",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1414"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03753en_us"
        },
        {
          "name": "95077",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95077"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
        },
        {
          "name": "RHSA-2017:1415",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
        },
        {
          "name": "RHSA-2017:0906",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0906"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743"
        },
        {
          "name": "GLSA-201701-36",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888217 - /httpd/site/trunk/content/security/json/CVE-2016-8743.json",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073163 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2016-8743.json security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888221 - /httpd/site/trunk/content/security/json/CVE-2016-8743.json",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073161 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2016-8743.json security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2016-12-20T00:00:00",
          "ID": "CVE-2016-8743",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache HTTP Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.2.0 to 2.2.31, 2.4.1 to 2.4.23"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Request Smuggling, Response Splitting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208221",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208221"
            },
            {
              "name": "DSA-3796",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3796"
            },
            {
              "name": "RHSA-2017:1721",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1721"
            },
            {
              "name": "1037508",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037508"
            },
            {
              "name": "RHSA-2017:1413",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1413"
            },
            {
              "name": "RHSA-2017:1161",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1161"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2017-04"
            },
            {
              "name": "RHSA-2017:1414",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1414"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03753en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03753en_us"
            },
            {
              "name": "95077",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95077"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
            },
            {
              "name": "RHSA-2017:1415",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
            },
            {
              "name": "RHSA-2017:0906",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0906"
            },
            {
              "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
              "refsource": "CONFIRM",
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743"
            },
            {
              "name": "GLSA-201701-36",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-36"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180423-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888217 - /httpd/site/trunk/content/security/json/CVE-2016-8743.json",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073163 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2016-8743.json security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888221 - /httpd/site/trunk/content/security/json/CVE-2016-8743.json",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073161 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2016-8743.json security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2016-8743",
    "datePublished": "2017-07-27T21:00:00.000Z",
    "dateReserved": "2016-10-18T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:03:31.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

JVNDB-2016-008607

Vulnerability from jvndb - Published: 2017-06-30 15:55 - Updated:2019-07-25 14:14

Severity ?

4.0 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Summary

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Details

A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.

References

Type

URL

	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-8743
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4975
	Data Handling(CWE-19)	https://cwe.mitre.org/data/definitions/19.html

Impacted products

Vendor

Product

	Apache Software Foundation	Apache HTTP Server
	Hitachi, Ltd	Cosminexus HTTP Server
	Hitachi, Ltd	Hitachi Application Server
	Hitachi, Ltd	Hitachi Application Server for Developers
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	Hitachi IT Operations Director
	Hitachi, Ltd	Job Management Partner 1/IT Desktop Management
	Hitachi, Ltd	Job Management Partner 1/IT Desktop Management - Manager
	Hitachi, Ltd	Job Management Partner 1/Integrated Management
	Hitachi, Ltd	Job Management Partner 1/Performance Management - Web Console
	Hitachi, Ltd	JP1/Automatic Operation
	Hitachi, Ltd	JP1/IT Desktop Management - Manager
	Hitachi, Ltd	JP1/Performance Management
	Hitachi, Ltd	JP1/Automatic Job Management System 3
	Hitachi, Ltd	JP1/Integrated Management
	Hitachi, Ltd	JP1/IT Desktop Management
	Hitachi, Ltd	JP1/Operations Analytics
	Hitachi, Ltd	JP1/Service Support
	Hitachi, Ltd	uCosminexus Application Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Smart Edition
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Primary Server
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-008607.html",
  "dc:date": "2019-07-25T14:14+09:00",
  "dcterms:issued": "2017-06-30T15:55+09:00",
  "dcterms:modified": "2019-07-25T14:14+09:00",
  "description": "A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-008607.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:http_server",
      "@product": "Apache HTTP Server",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_http_server",
      "@product": "Cosminexus HTTP Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_application_server",
      "@product": "Hitachi Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_application_server_for_developers",
      "@product": "Hitachi Application Server for Developers",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:it_operations_director",
      "@product": "Hitachi IT Operations Director",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management",
      "@product": "Job Management Partner 1/IT Desktop Management",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-manager",
      "@product": "Job Management Partner 1/IT Desktop Management - Manager",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:job_management_partner_1_integrated_management",
      "@product": "Job Management Partner 1/Integrated Management",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:job_management_partner_1_performance_management_web_console",
      "@product": "Job Management Partner 1/Performance Management - Web Console",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1%2fautomatic_operation",
      "@product": "JP1/Automatic Operation",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1%2Fit_desktop_management-manager",
      "@product": "JP1/IT Desktop Management - Manager",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1%2fperformance_management",
      "@product": "JP1/Performance Management",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_automatic_job_management_system_3",
      "@product": "JP1/Automatic Job Management System 3",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_integrated_management",
      "@product": "JP1/Integrated Management",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_it_desktop_management",
      "@product": "JP1/IT Desktop Management",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_operation_analytics",
      "@product": "JP1/Operations Analytics",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_service_support",
      "@product": "JP1/Service Support",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server",
      "@product": "uCosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
      "@product": "uCosminexus Application Server Smart Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_primary_server",
      "@product": "uCosminexus Primary Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-008607",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743",
      "@id": "CVE-2016-8743",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975",
      "@id": "CVE-2016-4975",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743",
      "@id": "CVE-2016-8743",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975",
      "@id": "CVE-2016-4975",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/19.html",
      "@id": "CWE-19",
      "@title": "Data Handling(CWE-19)"
    }
  ],
  "title": "Vulnerability in Cosminexus HTTP Server and Hitachi Web Server"
}

CERTFR-2017-AVI-231

Vulnerability from certfr_avis - Published: 2017-07-20 - Updated: 2017-07-20

De multiples vulnérabilités ont été corrigées dans Oracle VM Server pour x86 et Oracle Linux. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	N/A	Oracle Linux versions 5, 6 et 7
	Oracle	N/A	Oracle VM Server pour x86 versions 3.2, 3.3 et 3.4

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle VM Server pour x86 Linux du 17 juillet 2017	None	vendor-advisory
Bulletin de sécurité Oracle Linux du 17 juillet 2017	None	vendor-advisory
Bulletin de sécurité VM Server pour x86 Linux du 17 juillet 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Linux versions 5, 6 et 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VM Server pour x86 versions 3.2, 3.3 et 3.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-7895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
    },
    {
      "name": "CVE-2017-7752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7752"
    },
    {
      "name": "CVE-2017-9524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9524"
    },
    {
      "name": "CVE-2017-5472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5472"
    },
    {
      "name": "CVE-2017-9462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9462"
    },
    {
      "name": "CVE-2017-7645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7645"
    },
    {
      "name": "CVE-2017-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3142"
    },
    {
      "name": "CVE-2017-7772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
    },
    {
      "name": "CVE-2017-7777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
    },
    {
      "name": "CVE-2017-6214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
    },
    {
      "name": "CVE-2017-9148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9148"
    },
    {
      "name": "CVE-2017-7778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
    },
    {
      "name": "CVE-2017-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3143"
    },
    {
      "name": "CVE-2017-7776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
    },
    {
      "name": "CVE-2017-7757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7757"
    },
    {
      "name": "CVE-2017-7758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7758"
    },
    {
      "name": "CVE-2017-2583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2583"
    },
    {
      "name": "CVE-2017-7771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
    },
    {
      "name": "CVE-2017-1000366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000366"
    },
    {
      "name": "CVE-2017-1000368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000368"
    },
    {
      "name": "CVE-2017-7775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
    },
    {
      "name": "CVE-2017-7477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7477"
    },
    {
      "name": "CVE-2017-7750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7750"
    },
    {
      "name": "CVE-2017-1000364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
    },
    {
      "name": "CVE-2017-7754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7754"
    },
    {
      "name": "CVE-2017-7773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
    },
    {
      "name": "CVE-2017-7749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7749"
    },
    {
      "name": "CVE-2017-7764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7764"
    },
    {
      "name": "CVE-2017-7751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7751"
    },
    {
      "name": "CVE-2017-5470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5470"
    },
    {
      "name": "CVE-2017-7756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7756"
    },
    {
      "name": "CVE-2016-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
    },
    {
      "name": "CVE-2017-7774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
    }
  ],
  "initial_release_date": "2017-07-20T00:00:00",
  "last_revision_date": "2017-07-20T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VM Server pour x86 Linux du 17 juillet    2017",
      "url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2017-3832369.html"
    }
  ],
  "reference": "CERTFR-2017-AVI-231",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle VM Server pour x86 et Oracle Linux\u003c/span\u003e.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle VM Server pour x86 et Oracle Linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle VM Server pour x86 Linux du 17 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Linux du 17 juillet 2017",
      "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2017-3832368.html"
    }
  ]
}

CERTFR-2023-AVI-0051

Vulnerability from certfr_avis - Published: 2023-01-23 - Updated: 2023-01-23

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	NorthStar Controller versions antérieures à 6.2.3
Juniper Networks	N/A	Contrail Cloud versions antérieures à 13.7.0
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO
Juniper Networks	N/A	Juniper Networks Contrail Service Orchestration (CSO) versions antérieures à 6.3.0
Juniper Networks	Junos OS	Junos OS versions antérieures à 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1
Juniper Networks	Junos Space	Junos Space versions antérieures à 22.3R1
Juniper Networks	N/A	Cloud Native Contrail Networking versions antérieures à R22.3

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA70195 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70183 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70203 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70192 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70213 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70193 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70181 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70186 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70179 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70208 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70201 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70209 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70187 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70199 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70180 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70198 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70196 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70197 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70202 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70190 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70191 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA69903 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70204 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70200 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70212 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70185 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70211 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70210 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70206 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70205 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70182 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70189 du 11 janvier 2023	None	vendor-advisory
Bulletin de sécurité Juniper JSA70207 du 11 janvier 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NorthStar Controller versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Contrail Cloud versions ant\u00e9rieures \u00e0 13.7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Service Orchestration (CSO) versions ant\u00e9rieures \u00e0 6.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 22.3R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Native Contrail Networking versions ant\u00e9rieures \u00e0 R22.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-40085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40085"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2020-14621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
    },
    {
      "name": "CVE-2023-22403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22403"
    },
    {
      "name": "CVE-2020-8696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
    },
    {
      "name": "CVE-2020-14803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
    },
    {
      "name": "CVE-2023-22393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22393"
    },
    {
      "name": "CVE-2022-21426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
    },
    {
      "name": "CVE-2021-45960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
    },
    {
      "name": "CVE-2023-22407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22407"
    },
    {
      "name": "CVE-2021-35586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
    },
    {
      "name": "CVE-2023-22394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22394"
    },
    {
      "name": "CVE-2020-8695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
    },
    {
      "name": "CVE-2021-30465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
    },
    {
      "name": "CVE-2021-35550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
    },
    {
      "name": "CVE-2023-22404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22404"
    },
    {
      "name": "CVE-2020-14562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14562"
    },
    {
      "name": "CVE-2021-35567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
    },
    {
      "name": "CVE-2020-14579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
    },
    {
      "name": "CVE-2021-33034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
    },
    {
      "name": "CVE-2021-42574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
    },
    {
      "name": "CVE-2021-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
    },
    {
      "name": "CVE-2023-22405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22405"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2021-2161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
    },
    {
      "name": "CVE-2021-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
    },
    {
      "name": "CVE-2020-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
    },
    {
      "name": "CVE-2021-26691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
    },
    {
      "name": "CVE-2021-27219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
    },
    {
      "name": "CVE-2022-38178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
    },
    {
      "name": "CVE-2023-22409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22409"
    },
    {
      "name": "CVE-2020-14593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
    },
    {
      "name": "CVE-2021-2160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
    },
    {
      "name": "CVE-2023-22416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22416"
    },
    {
      "name": "CVE-2020-14797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
    },
    {
      "name": "CVE-2020-14798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
    },
    {
      "name": "CVE-2021-29154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
    },
    {
      "name": "CVE-2020-15778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
    },
    {
      "name": "CVE-2007-6755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6755"
    },
    {
      "name": "CVE-2022-21299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
    },
    {
      "name": "CVE-2022-38177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38177"
    },
    {
      "name": "CVE-2021-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
    },
    {
      "name": "CVE-2020-14578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
    },
    {
      "name": "CVE-2021-2385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
    },
    {
      "name": "CVE-2020-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
    },
    {
      "name": "CVE-2022-21624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
    },
    {
      "name": "CVE-2021-2194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
    },
    {
      "name": "CVE-2022-21305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
    },
    {
      "name": "CVE-2022-21166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
    },
    {
      "name": "CVE-2020-14556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
    },
    {
      "name": "CVE-2020-36385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
    },
    {
      "name": "CVE-2020-14792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
    },
    {
      "name": "CVE-2020-25704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
    },
    {
      "name": "CVE-2022-25315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
    },
    {
      "name": "CVE-2022-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
    },
    {
      "name": "CVE-2018-8046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8046"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2021-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
    },
    {
      "name": "CVE-2023-22402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22402"
    },
    {
      "name": "CVE-2022-21626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
    },
    {
      "name": "CVE-2021-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
    },
    {
      "name": "CVE-2020-14781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
    },
    {
      "name": "CVE-2021-2307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
    },
    {
      "name": "CVE-2023-22400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22400"
    },
    {
      "name": "CVE-2021-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
    },
    {
      "name": "CVE-2022-21366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
    },
    {
      "name": "CVE-2022-0934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
    },
    {
      "name": "CVE-2021-35559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
    },
    {
      "name": "CVE-2021-3573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
    },
    {
      "name": "CVE-2022-21291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2021-27364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
    },
    {
      "name": "CVE-2021-2146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
    },
    {
      "name": "CVE-2021-35565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
    },
    {
      "name": "CVE-2021-2432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2021-2174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
    },
    {
      "name": "CVE-2020-0549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
    },
    {
      "name": "CVE-2021-35603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2022-2526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
    },
    {
      "name": "CVE-2020-12364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
    },
    {
      "name": "CVE-2022-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
    },
    {
      "name": "CVE-2021-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
    },
    {
      "name": "CVE-2023-22397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22397"
    },
    {
      "name": "CVE-2020-14796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
    },
    {
      "name": "CVE-2022-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
    },
    {
      "name": "CVE-2022-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
    },
    {
      "name": "CVE-2019-1543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
    },
    {
      "name": "CVE-2021-2389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
    },
    {
      "name": "CVE-2020-8698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
    },
    {
      "name": "CVE-2017-12613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
    },
    {
      "name": "CVE-2021-27365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
    },
    {
      "name": "CVE-2020-8648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
    },
    {
      "name": "CVE-2022-21628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
    },
    {
      "name": "CVE-2022-25235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
    },
    {
      "name": "CVE-2020-27170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
    },
    {
      "name": "CVE-2023-22399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22399"
    },
    {
      "name": "CVE-2021-2369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2021-2390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
    },
    {
      "name": "CVE-2021-2144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
    },
    {
      "name": "CVE-2022-32250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
    },
    {
      "name": "CVE-2021-2154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
    },
    {
      "name": "CVE-2023-22398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22398"
    },
    {
      "name": "CVE-2021-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
    },
    {
      "name": "CVE-2021-23017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
    },
    {
      "name": "CVE-2020-14581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
    },
    {
      "name": "CVE-2020-12363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
    },
    {
      "name": "CVE-2021-2162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
    },
    {
      "name": "CVE-2021-2388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
    },
    {
      "name": "CVE-2023-22401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22401"
    },
    {
      "name": "CVE-2022-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
    },
    {
      "name": "CVE-2023-22396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22396"
    },
    {
      "name": "CVE-2021-2171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
    },
    {
      "name": "CVE-2021-34798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
    },
    {
      "name": "CVE-2020-24489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
    },
    {
      "name": "CVE-2023-22417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22417"
    },
    {
      "name": "CVE-2021-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
    },
    {
      "name": "CVE-2020-14573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14573"
    },
    {
      "name": "CVE-2022-21365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
    },
    {
      "name": "CVE-2020-24513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24513"
    },
    {
      "name": "CVE-2022-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
    },
    {
      "name": "CVE-2022-21283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
    },
    {
      "name": "CVE-2022-21449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21449"
    },
    {
      "name": "CVE-2022-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
    },
    {
      "name": "CVE-2021-22543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
    },
    {
      "name": "CVE-2020-14782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
    },
    {
      "name": "CVE-2020-35498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35498"
    },
    {
      "name": "CVE-2023-22406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22406"
    },
    {
      "name": "CVE-2021-33909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
    },
    {
      "name": "CVE-2020-27827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27827"
    },
    {
      "name": "CVE-2023-22391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22391"
    },
    {
      "name": "CVE-2019-20934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20934"
    },
    {
      "name": "CVE-2021-28950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
    },
    {
      "name": "CVE-2021-29650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
    },
    {
      "name": "CVE-2021-3715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
    },
    {
      "name": "CVE-2020-36322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
    },
    {
      "name": "CVE-2021-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
    },
    {
      "name": "CVE-2022-21434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
    },
    {
      "name": "CVE-2023-22412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22412"
    },
    {
      "name": "CVE-2021-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
    },
    {
      "name": "CVE-2021-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
    },
    {
      "name": "CVE-2021-42739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
    },
    {
      "name": "CVE-2021-3156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
    },
    {
      "name": "CVE-2022-21294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
    },
    {
      "name": "CVE-2021-3752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
    },
    {
      "name": "CVE-2023-22415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22415"
    },
    {
      "name": "CVE-2022-29154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
    },
    {
      "name": "CVE-2020-14779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
    },
    {
      "name": "CVE-2021-3177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
    },
    {
      "name": "CVE-2022-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
    },
    {
      "name": "CVE-2022-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
    },
    {
      "name": "CVE-2022-34169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
    },
    {
      "name": "CVE-2007-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2285"
    },
    {
      "name": "CVE-2020-28196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
    },
    {
      "name": "CVE-2020-12362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
    },
    {
      "name": "CVE-2021-22555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
    },
    {
      "name": "CVE-2022-21341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
    },
    {
      "name": "CVE-2021-3347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
    },
    {
      "name": "CVE-2022-25236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2021-37576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
    },
    {
      "name": "CVE-2020-26137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
    },
    {
      "name": "CVE-2021-35578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
    },
    {
      "name": "CVE-2021-2226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
    },
    {
      "name": "CVE-2023-22410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22410"
    },
    {
      "name": "CVE-2021-0920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
    },
    {
      "name": "CVE-2020-14583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
    },
    {
      "name": "CVE-2023-22408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22408"
    },
    {
      "name": "CVE-2022-21340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
    },
    {
      "name": "CVE-2021-2342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
    },
    {
      "name": "CVE-2022-22720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
    },
    {
      "name": "CVE-2022-21293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
    },
    {
      "name": "CVE-2022-21549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21549"
    },
    {
      "name": "CVE-2020-14871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14871"
    },
    {
      "name": "CVE-2022-21282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
    },
    {
      "name": "CVE-2022-21349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2022-1729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
    },
    {
      "name": "CVE-2021-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
    },
    {
      "name": "CVE-2021-3504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3504"
    },
    {
      "name": "CVE-2021-2169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
    },
    {
      "name": "CVE-2023-22414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22414"
    },
    {
      "name": "CVE-2022-21248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
    },
    {
      "name": "CVE-2023-22411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22411"
    },
    {
      "name": "CVE-2020-14145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
    },
    {
      "name": "CVE-2022-21277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21277"
    },
    {
      "name": "CVE-2021-32399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
    },
    {
      "name": "CVE-2021-35564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
    },
    {
      "name": "CVE-2022-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
    },
    {
      "name": "CVE-2021-23840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
    },
    {
      "name": "CVE-2020-24512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
    },
    {
      "name": "CVE-2022-21496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
    },
    {
      "name": "CVE-2020-11668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
    },
    {
      "name": "CVE-2019-11287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11287"
    },
    {
      "name": "CVE-2021-44790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
    },
    {
      "name": "CVE-2021-35556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
    },
    {
      "name": "CVE-2020-24511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
    },
    {
      "name": "CVE-2021-33033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
    },
    {
      "name": "CVE-2021-4028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
    },
    {
      "name": "CVE-2022-21443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
    },
    {
      "name": "CVE-2021-3765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
    },
    {
      "name": "CVE-2021-23841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
    },
    {
      "name": "CVE-2021-40438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
    },
    {
      "name": "CVE-2020-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
    },
    {
      "name": "CVE-2021-4034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
    },
    {
      "name": "CVE-2022-24903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2019-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
    },
    {
      "name": "CVE-2016-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
    },
    {
      "name": "CVE-2021-2372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
    },
    {
      "name": "CVE-2022-21619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
    },
    {
      "name": "CVE-2021-25217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
    },
    {
      "name": "CVE-2021-35561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
    },
    {
      "name": "CVE-2022-21476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
    },
    {
      "name": "CVE-2020-0548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2022-21541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
    },
    {
      "name": "CVE-2020-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
    },
    {
      "name": "CVE-2016-8625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
    },
    {
      "name": "CVE-2021-2166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
    },
    {
      "name": "CVE-2022-21360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
    },
    {
      "name": "CVE-2022-21296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
    },
    {
      "name": "CVE-2022-21540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
    },
    {
      "name": "CVE-2023-22413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22413"
    },
    {
      "name": "CVE-2023-22395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22395"
    },
    {
      "name": "CVE-2021-35940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35940"
    },
    {
      "name": "CVE-2020-14577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
    }
  ],
  "initial_release_date": "2023-01-23T00:00:00",
  "last_revision_date": "2023-01-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0051",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70195 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10K-Series-PFE-crash-upon-receipt-of-specific-genuine-packets-when-sFlow-is-enabled-CVE-2023-22399?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70183 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Cloud-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Cloud-release-13-7-0?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70203 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-RPD-crash-can-happen-due-to-an-MPLS-TE-tunnel-configuration-change-on-a-directly-connected-router-CVE-2023-22407?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70192 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Receipt-of-crafted-TCP-packets-on-Ethernet-console-port-results-in-MBUF-leak-leading-to-Denial-of-Service-DoS-CVE-2023-22396?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70213 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-A-memory-leak-might-be-observed-in-IPsec-VPN-scenario-leading-to-an-FPC-crash-CVE-2023-22417?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70193 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-PTX10003-An-attacker-sending-specific-genuine-packets-will-cause-a-memory-leak-in-the-PFE-leading-to-a-Denial-of-Service-CVE-2023-22397?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70181 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-might-crash-when-MPLS-ping-is-performed-on-BGP-LSPs-CVE-2023-22398?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70186 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSL?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70179 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Northstar-Controller-Pivotal-RabbitMQ-contains-a-web-management-plugin-that-is-vulnerable-to-a-Denial-of-Service-DoS-attack-CVE-2019-11287?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70208 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flowd-daemon-will-crash-if-the-SIP-ALG-is-enabled-and-specific-SIP-messages-are-processed-CVE-2023-22412?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70201 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX5k-Series-EX46xx-Series-MAC-limiting-feature-stops-working-after-PFE-restart-device-reboot--CVE-2023-22405?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70209 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-FPC-crash-when-an-IPsec6-tunnel-processes-specific-IPv4-packets-CVE-2023-22413?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70187 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-ACX2K-Series-Receipt-of-a-high-rate-of-specific-traffic-will-lead-to-a-Denial-of-Service-DoS-CVE-2023-22391?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70199 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10k-Series-ICCP-flap-will-be-observed-due-to-excessive-specific-traffic-CVE-2023-22403?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70180 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-OpenSSL-Infinite-loop-in-BN-mod-sqrt-reachable-when-parsing-certificates-CVE-2022-0778?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70198 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-The-kernel-might-restart-in-a-BGP-scenario-where-bgp-auto-discovery-is-enabled-and-such-a-neighbor-flaps-CVE-2023-22402?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70196 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-A-specific-SNMP-GET-operation-and-a-specific-CLI-commands-cause-resources-to-leak-and-eventually-the-evo-pfemand-process-will-crash-CVE-2023-22400?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70197 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PTX10008-PTX10016-When-a-specific-SNMP-MIB-is-queried-the-FPC-will-crash-CVE-2023-22401?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70202 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-memory-leak-which-will-ultimately-lead-to-an-rpd-crash-will-be-observed-when-a-peer-interface-flaps-continuously-in-a-Segment-Routing-scenario-CVE-2023-22406?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70190 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Memory-leak-due-to-receipt-of-specially-crafted-SIP-calls-CVE-2023-22394?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70191 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-In-an-MPLS-scenario-the-processing-of-specific-packets-to-the-device-causes-a-buffer-leak-and-ultimately-a-loss-of-connectivity-CVE-2023-22395?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70204 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Upon-processing-of-a-specific-SIP-packet-an-FPC-can-crash-CVE-2023-22408?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70200 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-When-IPsec-VPN-is-configured-iked-will-core-when-a-specifically-formatted-payload-is-received-CVE-2023-22404?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70212 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-if-SIP-ALG-is-enabled-and-a-malicious-SIP-packet-is-received-CVE-2023-22416?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70185 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-3R1-release?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70211 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flow-processing-daemon-flowd-will-crash-when-a-specific-H-323-packet-is-received-CVE-2023-22415?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70210 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-An-FPC-memory-leak-is-observed-when-specific-multicast-packets-are-processed-CVE-2023-22414?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70206 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-with-MPC10-MPC11-When-Suspicious-Control-Flow-Detection-scfd-is-enabled-and-an-attacker-is-sending-specific-traffic-this-causes-a-memory-leak-CVE-2023-22410?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70205 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-SPC3-When-an-inconsistent-NAT-configuration-exists-and-a-specific-CLI-command-is-issued-the-SPC-will-reboot-CVE-2023-22409?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70182 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70189 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-BGP-route-with-invalid-next-hop-CVE-2023-22393?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70207 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-when-Unified-Policies-are-used-with-IPv6-and-certain-dynamic-applications-are-rejected-by-the-device-CVE-2023-22411?language=en_US"
    }
  ]
}

CERTFR-2017-AVI-385

Vulnerability from certfr_avis - Published: 2017-11-02 - Updated: 2017-11-02

De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS versions antérieures à 11.1
Apple	N/A	watchOS versions antérieures à 4.1
Apple	macOS	macOS Sierra versions sans le correctif de sécurité 2017-001
Apple	N/A	tvOS versions antérieures à 11.1
Apple	macOS	macOS El Capitan sans le correctif de sécurité 2017-004
Apple	N/A	iTunes versions antérieures à 12.7.1 sur Windows
Apple	N/A	iCloud pour Windows versions antérieures à 7.1
Apple	Safari	Safari versions antérieures à 11.0.1
Apple	macOS	macOS High Sierra versions antérieures à 10.13.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT208225 du 31 octobre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208222 du 31 octobre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208219 du 31 octobre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208223 du 31 octobre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208220 du 31 octobre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208221 du 31 octobre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208224 du 31 octobre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 11.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra versions sans le correctif de s\u00e9curit\u00e9 2017-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 11.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS El Capitan sans le correctif de s\u00e9curit\u00e9 2017-004",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.7.1 sur Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13802"
    },
    {
      "name": "CVE-2017-13818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13818"
    },
    {
      "name": "CVE-2017-13052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13052"
    },
    {
      "name": "CVE-2017-12993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12993"
    },
    {
      "name": "CVE-2017-13018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13018"
    },
    {
      "name": "CVE-2017-13043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13043"
    },
    {
      "name": "CVE-2017-3169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3169"
    },
    {
      "name": "CVE-2017-9789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9789"
    },
    {
      "name": "CVE-2017-7659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7659"
    },
    {
      "name": "CVE-2016-4736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4736"
    },
    {
      "name": "CVE-2017-13050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13050"
    },
    {
      "name": "CVE-2017-13816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13816"
    },
    {
      "name": "CVE-2017-13798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13798"
    },
    {
      "name": "CVE-2017-11108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11108"
    },
    {
      "name": "CVE-2017-13017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13017"
    },
    {
      "name": "CVE-2017-13831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13831"
    },
    {
      "name": "CVE-2017-11543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11543"
    },
    {
      "name": "CVE-2017-13790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13790"
    },
    {
      "name": "CVE-2017-13000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13000"
    },
    {
      "name": "CVE-2017-13807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13807"
    },
    {
      "name": "CVE-2017-13843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13843"
    },
    {
      "name": "CVE-2017-13055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13055"
    },
    {
      "name": "CVE-2017-7668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7668"
    },
    {
      "name": "CVE-2017-13041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13041"
    },
    {
      "name": "CVE-2017-12902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12902"
    },
    {
      "name": "CVE-2017-13834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13834"
    },
    {
      "name": "CVE-2017-13007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13007"
    },
    {
      "name": "CVE-2017-13687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13687"
    },
    {
      "name": "CVE-2017-13078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
    },
    {
      "name": "CVE-2017-12986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12986"
    },
    {
      "name": "CVE-2017-13821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13821"
    },
    {
      "name": "CVE-2017-13033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13033"
    },
    {
      "name": "CVE-2017-13817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13817"
    },
    {
      "name": "CVE-2017-13799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13799"
    },
    {
      "name": "CVE-2017-12901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12901"
    },
    {
      "name": "CVE-2017-13832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13832"
    },
    {
      "name": "CVE-2017-13011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13011"
    },
    {
      "name": "CVE-2017-13046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13046"
    },
    {
      "name": "CVE-2017-13840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13840"
    },
    {
      "name": "CVE-2017-12897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12897"
    },
    {
      "name": "CVE-2017-13809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13809"
    },
    {
      "name": "CVE-2017-13822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13822"
    },
    {
      "name": "CVE-2017-7113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7113"
    },
    {
      "name": "CVE-2017-13800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13800"
    },
    {
      "name": "CVE-2017-13786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13786"
    },
    {
      "name": "CVE-2017-13003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13003"
    },
    {
      "name": "CVE-2017-13815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13815"
    },
    {
      "name": "CVE-2017-13013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13013"
    },
    {
      "name": "CVE-2017-13001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13001"
    },
    {
      "name": "CVE-2017-13009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13009"
    },
    {
      "name": "CVE-2017-1000101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000101"
    },
    {
      "name": "CVE-2016-8740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8740"
    },
    {
      "name": "CVE-2017-13048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13048"
    },
    {
      "name": "CVE-2017-13054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13054"
    },
    {
      "name": "CVE-2017-13038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13038"
    },
    {
      "name": "CVE-2017-13841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13841"
    },
    {
      "name": "CVE-2017-13010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13010"
    },
    {
      "name": "CVE-2017-12990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12990"
    },
    {
      "name": "CVE-2017-13783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13783"
    },
    {
      "name": "CVE-2017-13047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13047"
    },
    {
      "name": "CVE-2017-12991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12991"
    },
    {
      "name": "CVE-2017-13805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13805"
    },
    {
      "name": "CVE-2017-13811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13811"
    },
    {
      "name": "CVE-2017-13849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13849"
    },
    {
      "name": "CVE-2017-13032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13032"
    },
    {
      "name": "CVE-2017-13801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13801"
    },
    {
      "name": "CVE-2017-13051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13051"
    },
    {
      "name": "CVE-2017-13036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13036"
    },
    {
      "name": "CVE-2017-9788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
    },
    {
      "name": "CVE-2017-13844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13844"
    },
    {
      "name": "CVE-2016-2161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2161"
    },
    {
      "name": "CVE-2017-13795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13795"
    },
    {
      "name": "CVE-2017-13690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13690"
    },
    {
      "name": "CVE-2017-13838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13838"
    },
    {
      "name": "CVE-2017-11542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11542"
    },
    {
      "name": "CVE-2017-13842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13842"
    },
    {
      "name": "CVE-2017-12997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12997"
    },
    {
      "name": "CVE-2017-13045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13045"
    },
    {
      "name": "CVE-2017-13026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13026"
    },
    {
      "name": "CVE-2017-13785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13785"
    },
    {
      "name": "CVE-2016-5387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
    },
    {
      "name": "CVE-2017-13796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13796"
    },
    {
      "name": "CVE-2017-13782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13782"
    },
    {
      "name": "CVE-2017-13784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13784"
    },
    {
      "name": "CVE-2017-13042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13042"
    },
    {
      "name": "CVE-2017-12992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12992"
    },
    {
      "name": "CVE-2017-13027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13027"
    },
    {
      "name": "CVE-2017-13034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13034"
    },
    {
      "name": "CVE-2017-13794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13794"
    },
    {
      "name": "CVE-2017-13015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13015"
    },
    {
      "name": "CVE-2017-13725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13725"
    },
    {
      "name": "CVE-2017-13819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13819"
    },
    {
      "name": "CVE-2017-13044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13044"
    },
    {
      "name": "CVE-2017-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12900"
    },
    {
      "name": "CVE-2017-12994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12994"
    },
    {
      "name": "CVE-2017-12998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12998"
    },
    {
      "name": "CVE-2017-13029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13029"
    },
    {
      "name": "CVE-2017-13037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13037"
    },
    {
      "name": "CVE-2017-13788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13788"
    },
    {
      "name": "CVE-2017-7132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7132"
    },
    {
      "name": "CVE-2017-13810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13810"
    },
    {
      "name": "CVE-2017-13039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13039"
    },
    {
      "name": "CVE-2017-13791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13791"
    },
    {
      "name": "CVE-2017-13023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13023"
    },
    {
      "name": "CVE-2017-13020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13020"
    },
    {
      "name": "CVE-2017-13021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13021"
    },
    {
      "name": "CVE-2017-3167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3167"
    },
    {
      "name": "CVE-2017-12896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12896"
    },
    {
      "name": "CVE-2017-13824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13824"
    },
    {
      "name": "CVE-2017-13049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13049"
    },
    {
      "name": "CVE-2017-12999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12999"
    },
    {
      "name": "CVE-2017-13836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13836"
    },
    {
      "name": "CVE-2017-13823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13823"
    },
    {
      "name": "CVE-2017-13846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13846"
    },
    {
      "name": "CVE-2017-12988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12988"
    },
    {
      "name": "CVE-2017-13789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13789"
    },
    {
      "name": "CVE-2017-12985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12985"
    },
    {
      "name": "CVE-2017-12899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12899"
    },
    {
      "name": "CVE-2017-7679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7679"
    },
    {
      "name": "CVE-2017-13014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13014"
    },
    {
      "name": "CVE-2017-12894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12894"
    },
    {
      "name": "CVE-2017-13804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13804"
    },
    {
      "name": "CVE-2017-13024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13024"
    },
    {
      "name": "CVE-2017-13004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13004"
    },
    {
      "name": "CVE-2017-12996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12996"
    },
    {
      "name": "CVE-2017-13830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13830"
    },
    {
      "name": "CVE-2017-12893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12893"
    },
    {
      "name": "CVE-2017-13019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13019"
    },
    {
      "name": "CVE-2017-13030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13030"
    },
    {
      "name": "CVE-2017-13808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13808"
    },
    {
      "name": "CVE-2017-13813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13813"
    },
    {
      "name": "CVE-2017-1000100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000100"
    },
    {
      "name": "CVE-2017-13053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13053"
    },
    {
      "name": "CVE-2017-13040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13040"
    },
    {
      "name": "CVE-2017-13689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13689"
    },
    {
      "name": "CVE-2017-11103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11103"
    },
    {
      "name": "CVE-2017-13005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13005"
    },
    {
      "name": "CVE-2017-13793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13793"
    },
    {
      "name": "CVE-2017-13814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13814"
    },
    {
      "name": "CVE-2017-12987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12987"
    },
    {
      "name": "CVE-2017-13826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13826"
    },
    {
      "name": "CVE-2017-11541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11541"
    },
    {
      "name": "CVE-2017-13025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13025"
    },
    {
      "name": "CVE-2017-13828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13828"
    },
    {
      "name": "CVE-2017-13688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13688"
    },
    {
      "name": "CVE-2017-13820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13820"
    },
    {
      "name": "CVE-2017-12995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12995"
    },
    {
      "name": "CVE-2017-13792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13792"
    },
    {
      "name": "CVE-2017-13031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13031"
    },
    {
      "name": "CVE-2017-13028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13028"
    },
    {
      "name": "CVE-2017-13825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13825"
    },
    {
      "name": "CVE-2016-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
    },
    {
      "name": "CVE-2017-13803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13803"
    },
    {
      "name": "CVE-2017-13006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13006"
    },
    {
      "name": "CVE-2017-12895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12895"
    },
    {
      "name": "CVE-2017-13812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13812"
    },
    {
      "name": "CVE-2017-13022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13022"
    },
    {
      "name": "CVE-2017-13012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13012"
    },
    {
      "name": "CVE-2017-13002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13002"
    },
    {
      "name": "CVE-2017-13035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13035"
    },
    {
      "name": "CVE-2017-12989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12989"
    },
    {
      "name": "CVE-2017-13077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
    },
    {
      "name": "CVE-2017-13016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13016"
    },
    {
      "name": "CVE-2017-13080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
    },
    {
      "name": "CVE-2017-12898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12898"
    },
    {
      "name": "CVE-2017-13008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13008"
    }
  ],
  "initial_release_date": "2017-11-02T00:00:00",
  "last_revision_date": "2017-11-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-385",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-11-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208225 du 31 octobre 2017",
      "url": "https://support.apple.com/en-us/HT208225"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208222 du 31 octobre 2017",
      "url": "https://support.apple.com/en-us/HT208222"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208219 du 31 octobre 2017",
      "url": "https://support.apple.com/en-us/HT208219"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208223 du 31 octobre 2017",
      "url": "https://support.apple.com/en-us/HT208223"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208220 du 31 octobre 2017",
      "url": "https://support.apple.com/en-us/HT208220"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208221 du 31 octobre 2017",
      "url": "https://support.apple.com/en-us/HT208221"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208224 du 31 octobre 2017",
      "url": "https://support.apple.com/en-us/HT208224"
    }
  ]
}

CERTFR-2017-AVI-121

Vulnerability from certfr_avis - Published: 2017-04-19 - Updated: 2017-04-19

De multiples vulnérabilités ont été corrigées dans Oracle Linux and Virtualization. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Virtualization	Oracle Secure Global Desktop version 5.3
Oracle	Virtualization	Oracle VM VirtualBox versions 5.1.x antérieures à 5.1.20
Oracle	Virtualization	Oracle Secure Global Desktop version 5.2
Oracle	Virtualization	Oracle VM VirtualBox versions 5.0.x antérieures à 5.0.38
Oracle	Virtualization	Oracle Secure Global Desktop version 4.71

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2017verbose-3236619 du 18 avril 2017	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2017-3236618 du 18 avril 2017	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2017-3236618 du 18 avril 2017	-	other
Bulletin de sécurité Oracle cpuapr2017verbose-3236619 du 18 avril 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Secure Global Desktop version 5.3",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VM VirtualBox versions 5.1.x ant\u00e9rieures \u00e0 5.1.20",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Secure Global Desktop version 5.2",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VM VirtualBox versions 5.0.x ant\u00e9rieures \u00e0 5.0.38",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Secure Global Desktop version 4.71",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3563"
    },
    {
      "name": "CVE-2016-5407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5407"
    },
    {
      "name": "CVE-2017-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
    },
    {
      "name": "CVE-2013-1982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1982"
    },
    {
      "name": "CVE-2017-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3587"
    },
    {
      "name": "CVE-2016-3739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3739"
    },
    {
      "name": "CVE-2017-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3576"
    },
    {
      "name": "CVE-2017-3513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3513"
    },
    {
      "name": "CVE-2017-3558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3558"
    },
    {
      "name": "CVE-2016-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
    },
    {
      "name": "CVE-2017-3561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3561"
    },
    {
      "name": "CVE-2017-3559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3559"
    },
    {
      "name": "CVE-2017-3575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3575"
    },
    {
      "name": "CVE-2016-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
    },
    {
      "name": "CVE-2017-3538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3538"
    }
  ],
  "initial_release_date": "2017-04-19T00:00:00",
  "last_revision_date": "2017-04-19T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017-3236618 du 18 avril    2017",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017verbose-3236619 du 18    avril 2017",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017verbose-3236619.html#OVIR"
    }
  ],
  "reference": "CERTFR-2017-AVI-121",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Linux and Virtualization\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Linux and Virtualization",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017verbose-3236619 du 18 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017-3236618 du 18 avril 2017",
      "url": null
    }
  ]
}

CERTFR-2018-AVI-026

Vulnerability from certfr_avis - Published: 2018-01-11 - Updated: 2018-01-11

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D232 sur QFX5200/5110
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R2-S5, 17.1R3 et 17.1R3 sur MX series
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R6 sur MX series
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D70, 15.1X53-D231
Juniper Networks	Junos OS	Junos OS versions 14.1 antérieures à 14.1R9 sur MX series
Juniper Networks	Junos OS	Junos OS versions 16.2 antérieures à 16.2R2, 16.2R2-S2, 16.2R3
Juniper Networks	Junos OS	Junos OS versions 14.2 antérieures à 14.2R8
N/A	N/A	CTPView versions 7.1, 7.2 et 7.3.
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7, 15.1F6, 15.1R3
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1R6-S2, 15.1R7
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R5-S1, 16.1R6
Juniper Networks	Junos Space	Junos Space antérieures à 17.2R1
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 sur MX series
Juniper Networks	Junos OS	Junos OS versions 16.2 antérieures à 16.2R3 sur MX series
Juniper Networks	Junos OS	Junos OS versions 15.1X49 versions 15.1X49-D100 et supérieures mais antérieures à 15.1X49-D121
Juniper Networks	Junos OS	Junos OS versions 14.1X53 antérieures à 14.1X53-D40 sur QFX, EX
Juniper Networks	Junos OS	Junos OS versions 14.2 antérieures à 14.2R8 sur MX series
Juniper Networks	Junos OS	Junos OS versions 12.1X46 antérieures à 12.1X46-D71
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D110 sur SRX
N/A	N/A	ScreenOS toutes versions sans le dernier correctif de sécurité
Juniper Networks	Junos OS	Junos OS versions 16.1X65 antérieures à 16.1X65-D45
Juniper Networks	Junos OS	Junos OS versions 14.1 antérieures à 14.1R8-S5, 14.1R9
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D55 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1R5-S4, 15.1R5-S5 et 15.1R6
Juniper Networks	Junos OS	Junos OS versions 12.1X46 antérieures à 12.1X46-D71 sur SRX
Juniper Networks	Junos OS	Junos OS versions 12.3 antérieures à 12.3R12-S7
Juniper Networks	Junos OS	Junos OS versions 14.1X53 antérieures à 14.1X53-D46, 14.1X53-D50 et 14.1X53-D107
Juniper Networks	Junos OS	Junos OS versions 12.3R antérieures à 12.3R12-S7
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D55
Juniper Networks	Junos OS	Junos OS versions 12.3R12 antérieures à 12.3R12-S7
Juniper Networks	Junos OS	Junos OS versions 12.3X48 versions 12.3X48-D55 et supérieures mais antérieures à 12.3X48-D65
Juniper Networks	Junos OS	Junos OS versions 17.2X75 antérieures à 17.2X75-D50
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D49, 15.1X53-D470 sur NFX
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D65 sur QFX10K
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R3-S6, 16.1R4-S6 et 16.1R5
ESET	Security	Security Director et Log Collector antérieures à 17.2R1
Juniper Networks	Junos OS	Junos OS versions 14.2 antérieures à 14.2R7-S9, 14.2R8

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10838 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10831 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10835 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10833 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10837 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10841 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10828 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10834 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10829 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10836 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10839 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10830 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10832 du 10 janvier 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10840 du 10 janvier 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D232 sur QFX5200/5110",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R2-S5, 17.1R3 et 17.1R3 sur MX series",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R6 sur MX series",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D70, 15.1X53-D231",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1 ant\u00e9rieures \u00e0 14.1R9 sur MX series",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R2, 16.2R2-S2, 16.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.2 ant\u00e9rieures \u00e0 14.2R8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions 7.1, 7.2 et 7.3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7, 15.1F6, 15.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1R6-S2, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R5-S1, 16.1R6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space ant\u00e9rieures \u00e0 17.2R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 sur MX series",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R3 sur MX series",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 versions 15.1X49-D100 et sup\u00e9rieures mais ant\u00e9rieures \u00e0 15.1X49-D121",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1X53 ant\u00e9rieures \u00e0 14.1X53-D40 sur QFX, EX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.2 ant\u00e9rieures \u00e0 14.2R8 sur MX series",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.1X46 ant\u00e9rieures \u00e0 12.1X46-D71",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D110 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "ScreenOS toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1X65 ant\u00e9rieures \u00e0 16.1X65-D45",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1 ant\u00e9rieures \u00e0 14.1R8-S5, 14.1R9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D55 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1R5-S4, 15.1R5-S5 et 15.1R6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.1X46 ant\u00e9rieures \u00e0 12.1X46-D71 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3 ant\u00e9rieures \u00e0 12.3R12-S7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1X53 ant\u00e9rieures \u00e0 14.1X53-D46, 14.1X53-D50 et 14.1X53-D107",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3R ant\u00e9rieures \u00e0 12.3R12-S7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D55",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3R12 ant\u00e9rieures \u00e0 12.3R12-S7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 versions 12.3X48-D55 et sup\u00e9rieures mais ant\u00e9rieures \u00e0 12.3X48-D65",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.2X75 ant\u00e9rieures \u00e0 17.2X75-D50",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D49, 15.1X53-D470 sur NFX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D65 sur QFX10K",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R3-S6, 16.1R4-S6 et 16.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Security Director et Log Collector ant\u00e9rieures \u00e0 17.2R1",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.2 ant\u00e9rieures \u00e0 14.2R7-S9, 14.2R8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3169"
    },
    {
      "name": "CVE-2017-14106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14106"
    },
    {
      "name": "CVE-2018-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0002"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2018-0008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0008"
    },
    {
      "name": "CVE-2015-6563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
    },
    {
      "name": "CVE-2018-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0013"
    },
    {
      "name": "CVE-2015-6564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6564"
    },
    {
      "name": "CVE-2015-7236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7236"
    },
    {
      "name": "CVE-2017-7668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7668"
    },
    {
      "name": "CVE-2017-9798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
    },
    {
      "name": "CVE-2018-0011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0011"
    },
    {
      "name": "CVE-2016-2141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2141"
    },
    {
      "name": "CVE-2015-7501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7501"
    },
    {
      "name": "CVE-2015-5304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5304"
    },
    {
      "name": "CVE-2018-0012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0012"
    },
    {
      "name": "CVE-2018-0003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0003"
    },
    {
      "name": "CVE-2017-9788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
    },
    {
      "name": "CVE-2015-5174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
    },
    {
      "name": "CVE-2017-1000112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000112"
    },
    {
      "name": "CVE-2016-8858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8858"
    },
    {
      "name": "CVE-2017-5664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5664"
    },
    {
      "name": "CVE-2017-1000111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000111"
    },
    {
      "name": "CVE-2017-6074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
    },
    {
      "name": "CVE-2017-5645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5645"
    },
    {
      "name": "CVE-2018-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0010"
    },
    {
      "name": "CVE-2018-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0005"
    },
    {
      "name": "CVE-2018-0007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0007"
    },
    {
      "name": "CVE-2016-8655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8655"
    },
    {
      "name": "CVE-2017-3167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3167"
    },
    {
      "name": "CVE-2015-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5188"
    },
    {
      "name": "CVE-2018-0009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0009"
    },
    {
      "name": "CVE-2017-7679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7679"
    },
    {
      "name": "CVE-2018-0004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0004"
    },
    {
      "name": "CVE-2018-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0014"
    },
    {
      "name": "CVE-2017-2634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2634"
    },
    {
      "name": "CVE-2016-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
    },
    {
      "name": "CVE-2015-5220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5220"
    },
    {
      "name": "CVE-2018-0006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0006"
    },
    {
      "name": "CVE-2018-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0001"
    }
  ],
  "initial_release_date": "2018-01-11T00:00:00",
  "last_revision_date": "2018-01-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-026",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10838 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10838\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10831 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10831\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10835 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10835\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10833 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10833\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10837 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10837\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10841 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10841\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10828 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10828\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10834 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10834\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10829 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10829\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10836 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10836\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10839 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10839\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10830 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10830\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10832 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10832\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10840 du 10 janvier 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10840\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2017-AVI-092

Vulnerability from certfr_avis - Published: 2017-03-28 - Updated: 2017-03-29

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 3.2
Apple	N/A	iOS versions antérieures à 10.3
Apple	N/A	Pages versions antérieures à 3.1, Numbers versions antérieures à 3.1 et Keynote versions antérieures à 3.1 pour iOS
Apple	macOS	macOS Yosemite sans le Security Update 2017-001
Apple	macOS	macOS Server versions antérieures à 5.3
Apple	macOS	macOS Sierra versions antérieures à 10.12.4
Apple	macOS	macOS El Capitan sans le Security Update 2017-001
Apple	N/A	tvOS versions antérieures à 10.2
Apple	N/A	iCloud pour Windows versions antérieures à 6.2
Apple	Safari	Safari versions antérieures à 10.1
Apple	N/A	Pages versions antérieures à 6.1, Numbers versions antérieures à 4.1 et Keynote versions antérieures à 7.1 pour Mac

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT207604 du 27 mars 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207607 du 28 mars 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207615 du 27 mars 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207602 du 27 mars 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207600 du 27 mars 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207595 du 27 mars 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207601 du 27 mars 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207617 du 27 mars 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 10.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Pages versions ant\u00e9rieures \u00e0 3.1, Numbers versions ant\u00e9rieures \u00e0 3.1 et Keynote versions ant\u00e9rieures \u00e0 3.1 pour iOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Yosemite sans le Security Update 2017-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Server versions ant\u00e9rieures \u00e0 5.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS El Capitan sans le Security Update 2017-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 10.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 10.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Pages versions ant\u00e9rieures \u00e0 6.1, Numbers versions ant\u00e9rieures \u00e0 4.1 et Keynote versions ant\u00e9rieures \u00e0 7.1 pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2455"
    },
    {
      "name": "CVE-2016-7922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7922"
    },
    {
      "name": "CVE-2016-7936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7936"
    },
    {
      "name": "CVE-2017-2464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2464"
    },
    {
      "name": "CVE-2017-2397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2397"
    },
    {
      "name": "CVE-2017-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2414"
    },
    {
      "name": "CVE-2017-2404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2404"
    },
    {
      "name": "CVE-2017-2376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2376"
    },
    {
      "name": "CVE-2017-6974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6974"
    },
    {
      "name": "CVE-2017-5203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5203"
    },
    {
      "name": "CVE-2016-7933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7933"
    },
    {
      "name": "CVE-2016-0736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0736"
    },
    {
      "name": "CVE-2017-5204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5204"
    },
    {
      "name": "CVE-2017-2400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2400"
    },
    {
      "name": "CVE-2017-5484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5484"
    },
    {
      "name": "CVE-2017-2413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2413"
    },
    {
      "name": "CVE-2017-2391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2391"
    },
    {
      "name": "CVE-2017-2420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2420"
    },
    {
      "name": "CVE-2017-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2446"
    },
    {
      "name": "CVE-2016-7993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7993"
    },
    {
      "name": "CVE-2016-7932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7932"
    },
    {
      "name": "CVE-2017-2431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2431"
    },
    {
      "name": "CVE-2017-2367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2367"
    },
    {
      "name": "CVE-2016-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7973"
    },
    {
      "name": "CVE-2016-8575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8575"
    },
    {
      "name": "CVE-2017-2418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2418"
    },
    {
      "name": "CVE-2017-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2412"
    },
    {
      "name": "CVE-2017-2426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2426"
    },
    {
      "name": "CVE-2017-2448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2448"
    },
    {
      "name": "CVE-2017-2462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2462"
    },
    {
      "name": "CVE-2016-9540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9540"
    },
    {
      "name": "CVE-2017-2452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2452"
    },
    {
      "name": "CVE-2017-2437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2437"
    },
    {
      "name": "CVE-2017-2423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2423"
    },
    {
      "name": "CVE-2017-2472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2472"
    },
    {
      "name": "CVE-2016-9643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9643"
    },
    {
      "name": "CVE-2016-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1001"
    },
    {
      "name": "CVE-2016-8574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8574"
    },
    {
      "name": "CVE-2017-2453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2453"
    },
    {
      "name": "CVE-2017-2487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2487"
    },
    {
      "name": "CVE-2017-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
    },
    {
      "name": "CVE-2017-2396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2396"
    },
    {
      "name": "CVE-2017-2475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2475"
    },
    {
      "name": "CVE-2017-2481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2481"
    },
    {
      "name": "CVE-2017-5483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5483"
    },
    {
      "name": "CVE-2017-2440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2440"
    },
    {
      "name": "CVE-2017-2479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2479"
    },
    {
      "name": "CVE-2017-2468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2468"
    },
    {
      "name": "CVE-2017-2388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2388"
    },
    {
      "name": "CVE-2016-1015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1015"
    },
    {
      "name": "CVE-2017-2458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2458"
    },
    {
      "name": "CVE-2017-2471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2471"
    },
    {
      "name": "CVE-2016-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7975"
    },
    {
      "name": "CVE-2016-7986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7986"
    },
    {
      "name": "CVE-2017-2406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2406"
    },
    {
      "name": "CVE-2017-5485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5485"
    },
    {
      "name": "CVE-2017-2441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2441"
    },
    {
      "name": "CVE-2016-5636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
    },
    {
      "name": "CVE-2017-2443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2443"
    },
    {
      "name": "CVE-2016-8740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8740"
    },
    {
      "name": "CVE-2016-7934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7934"
    },
    {
      "name": "CVE-2017-2463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2463"
    },
    {
      "name": "CVE-2017-2392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2392"
    },
    {
      "name": "CVE-2016-9533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9533"
    },
    {
      "name": "CVE-2017-2428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2428"
    },
    {
      "name": "CVE-2016-7928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7928"
    },
    {
      "name": "CVE-2017-2439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2439"
    },
    {
      "name": "CVE-2017-2408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2408"
    },
    {
      "name": "CVE-2017-2390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2390"
    },
    {
      "name": "CVE-2016-0751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
    },
    {
      "name": "CVE-2017-2449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2449"
    },
    {
      "name": "CVE-2016-7927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7927"
    },
    {
      "name": "CVE-2017-2383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2383"
    },
    {
      "name": "CVE-2017-2483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2483"
    },
    {
      "name": "CVE-2007-6750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6750"
    },
    {
      "name": "CVE-2016-2161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2161"
    },
    {
      "name": "CVE-2016-9536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9536"
    },
    {
      "name": "CVE-2017-2486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2486"
    },
    {
      "name": "CVE-2017-2465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2465"
    },
    {
      "name": "CVE-2017-2422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2422"
    },
    {
      "name": "CVE-2016-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7974"
    },
    {
      "name": "CVE-2017-2425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2425"
    },
    {
      "name": "CVE-2017-5341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5341"
    },
    {
      "name": "CVE-2017-2399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2399"
    },
    {
      "name": "CVE-2017-2389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2389"
    },
    {
      "name": "CVE-2017-2485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2485"
    },
    {
      "name": "CVE-2016-7935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7935"
    },
    {
      "name": "CVE-2017-2478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2478"
    },
    {
      "name": "CVE-2017-2467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2467"
    },
    {
      "name": "CVE-2016-5387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
    },
    {
      "name": "CVE-2017-2435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2435"
    },
    {
      "name": "CVE-2016-9537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9537"
    },
    {
      "name": "CVE-2017-2407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2407"
    },
    {
      "name": "CVE-2017-2385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2385"
    },
    {
      "name": "CVE-2017-2424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2424"
    },
    {
      "name": "CVE-2017-2436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2436"
    },
    {
      "name": "CVE-2017-2454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2454"
    },
    {
      "name": "CVE-2016-7984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7984"
    },
    {
      "name": "CVE-2016-7585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7585"
    },
    {
      "name": "CVE-2016-9935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9935"
    },
    {
      "name": "CVE-2016-7931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7931"
    },
    {
      "name": "CVE-2017-2378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2378"
    },
    {
      "name": "CVE-2016-7939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7939"
    },
    {
      "name": "CVE-2017-2377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2377"
    },
    {
      "name": "CVE-2017-2402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2402"
    },
    {
      "name": "CVE-2017-2427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2427"
    },
    {
      "name": "CVE-2017-2473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2473"
    },
    {
      "name": "CVE-2017-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2398"
    },
    {
      "name": "CVE-2017-2469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2469"
    },
    {
      "name": "CVE-2016-3619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3619"
    },
    {
      "name": "CVE-2017-2459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2459"
    },
    {
      "name": "CVE-2017-2386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2386"
    },
    {
      "name": "CVE-2017-2401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2401"
    },
    {
      "name": "CVE-2016-7923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7923"
    },
    {
      "name": "CVE-2017-2419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2419"
    },
    {
      "name": "CVE-2017-2474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2474"
    },
    {
      "name": "CVE-2016-7985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7985"
    },
    {
      "name": "CVE-2016-9539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
    },
    {
      "name": "CVE-2017-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2409"
    },
    {
      "name": "CVE-2016-7992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7992"
    },
    {
      "name": "CVE-2017-2380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2380"
    },
    {
      "name": "CVE-2017-2484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2484"
    },
    {
      "name": "CVE-2017-2466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2466"
    },
    {
      "name": "CVE-2017-2393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2393"
    },
    {
      "name": "CVE-2017-2395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2395"
    },
    {
      "name": "CVE-2017-2445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2445"
    },
    {
      "name": "CVE-2016-7929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7929"
    },
    {
      "name": "CVE-2017-2442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2442"
    },
    {
      "name": "CVE-2017-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2416"
    },
    {
      "name": "CVE-2017-2444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2444"
    },
    {
      "name": "CVE-2017-2364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2364"
    },
    {
      "name": "CVE-2017-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5342"
    },
    {
      "name": "CVE-2017-2415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2415"
    },
    {
      "name": "CVE-2017-2379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2379"
    },
    {
      "name": "CVE-2017-2457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2457"
    },
    {
      "name": "CVE-2017-2434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2434"
    },
    {
      "name": "CVE-2017-2382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2382"
    },
    {
      "name": "CVE-2017-2381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2381"
    },
    {
      "name": "CVE-2017-2410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2410"
    },
    {
      "name": "CVE-2016-9586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
    },
    {
      "name": "CVE-2017-2421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2421"
    },
    {
      "name": "CVE-2017-5205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5205"
    },
    {
      "name": "CVE-2016-7940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7940"
    },
    {
      "name": "CVE-2017-2438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2438"
    },
    {
      "name": "CVE-2017-2460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2460"
    },
    {
      "name": "CVE-2017-5482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5482"
    },
    {
      "name": "CVE-2016-7926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7926"
    },
    {
      "name": "CVE-2017-2403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2403"
    },
    {
      "name": "CVE-2017-2461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2461"
    },
    {
      "name": "CVE-2017-2384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2384"
    },
    {
      "name": "CVE-2017-5486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5486"
    },
    {
      "name": "CVE-2016-7937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7937"
    },
    {
      "name": "CVE-2016-7983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7983"
    },
    {
      "name": "CVE-2016-1016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1016"
    },
    {
      "name": "CVE-2016-9642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9642"
    },
    {
      "name": "CVE-2016-7925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7925"
    },
    {
      "name": "CVE-2017-2405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2405"
    },
    {
      "name": "CVE-2017-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2417"
    },
    {
      "name": "CVE-2017-2447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2447"
    },
    {
      "name": "CVE-2017-2482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2482"
    },
    {
      "name": "CVE-2017-2451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2451"
    },
    {
      "name": "CVE-2017-2430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2430"
    },
    {
      "name": "CVE-2016-7930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7930"
    },
    {
      "name": "CVE-2017-2456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2456"
    },
    {
      "name": "CVE-2016-7056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7056"
    },
    {
      "name": "CVE-2017-2432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2432"
    },
    {
      "name": "CVE-2016-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
    },
    {
      "name": "CVE-2017-2470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2470"
    },
    {
      "name": "CVE-2016-9538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
    },
    {
      "name": "CVE-2017-2476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2476"
    },
    {
      "name": "CVE-2016-7938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7938"
    },
    {
      "name": "CVE-2017-5202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5202"
    },
    {
      "name": "CVE-2016-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000"
    },
    {
      "name": "CVE-2017-2433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2433"
    },
    {
      "name": "CVE-2017-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2450"
    },
    {
      "name": "CVE-2017-2480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2480"
    },
    {
      "name": "CVE-2016-9535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9535"
    },
    {
      "name": "CVE-2016-7924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7924"
    },
    {
      "name": "CVE-2017-2429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2429"
    },
    {
      "name": "CVE-2017-2394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2394"
    }
  ],
  "initial_release_date": "2017-03-28T00:00:00",
  "last_revision_date": "2017-03-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-092",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-03-28T00:00:00.000000"
    },
    {
      "description": "ajout des informations li\u00e9es au bulletin de s\u00e9curit\u00e9 HT207607.",
      "revision_date": "2017-03-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207604 du 27 mars 2017",
      "url": "https://support.apple.com/en-us/HT207604"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207607 du 28 mars 2017",
      "url": "https://support.apple.com/en-us/HT207607"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207615 du 27 mars 2017",
      "url": "https://support.apple.com/en-us/HT207615"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207602 du 27 mars 2017",
      "url": "https://support.apple.com/en-us/HT207602"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207600 du 27 mars 2017",
      "url": "https://support.apple.com/en-us/HT207600"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207595 du 27 mars 2017",
      "url": "https://support.apple.com/en-us/HT207595"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207601 du 27 mars 2017",
      "url": "https://support.apple.com/en-us/HT207601"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207617 du 27 mars 2017",
      "url": "https://support.apple.com/en-us/HT207617"
    }
  ]
}

GSD-2016-8743

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-8743

Aliases

CVE-2016-8743

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8743",
    "description": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.",
    "id": "GSD-2016-8743",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-8743.html",
      "https://www.debian.org/security/2017/dsa-3796",
      "https://access.redhat.com/errata/RHSA-2017:1721",
      "https://access.redhat.com/errata/RHSA-2017:1415",
      "https://access.redhat.com/errata/RHSA-2017:1414",
      "https://access.redhat.com/errata/RHSA-2017:1413",
      "https://access.redhat.com/errata/RHSA-2017:1161",
      "https://access.redhat.com/errata/RHSA-2017:0906",
      "https://ubuntu.com/security/CVE-2016-8743",
      "https://advisories.mageia.org/CVE-2016-8743.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2016-8743.html",
      "https://linux.oracle.com/cve/CVE-2016-8743.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8743"
      ],
      "details": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.",
      "id": "GSD-2016-8743",
      "modified": "2023-12-13T01:21:22.721896Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2016-12-20T00:00:00",
        "ID": "CVE-2016-8743",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache HTTP Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.2.0 to 2.2.31, 2.4.1 to 2.4.23"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Request Smuggling, Response Splitting"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT208221",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208221"
          },
          {
            "name": "DSA-3796",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2017/dsa-3796"
          },
          {
            "name": "RHSA-2017:1721",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:1721"
          },
          {
            "name": "1037508",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037508"
          },
          {
            "name": "RHSA-2017:1413",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:1413"
          },
          {
            "name": "RHSA-2017:1161",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:1161"
          },
          {
            "name": "https://www.tenable.com/security/tns-2017-04",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2017-04"
          },
          {
            "name": "RHSA-2017:1414",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:1414"
          },
          {
            "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03753en_us",
            "refsource": "CONFIRM",
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03753en_us"
          },
          {
            "name": "95077",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95077"
          },
          {
            "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us",
            "refsource": "CONFIRM",
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
          },
          {
            "name": "RHSA-2017:1415",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
          },
          {
            "name": "RHSA-2017:0906",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:0906"
          },
          {
            "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
            "refsource": "CONFIRM",
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743"
          },
          {
            "name": "GLSA-201701-36",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201701-36"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20180423-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888217 - /httpd/site/trunk/content/security/json/CVE-2016-8743.json",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073163 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2016-8743.json security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888221 - /httpd/site/trunk/content/security/json/CVE-2016-8743.json",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073161 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2016-8743.json security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4.23",
                "versionStartIncluding": "2.4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.2.31",
                "versionStartIncluding": "2.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2016-8743"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743"
            },
            {
              "name": "GLSA-201701-36",
              "refsource": "GENTOO",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://security.gentoo.org/glsa/201701-36"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
            },
            {
              "name": "1037508",
              "refsource": "SECTRACK",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1037508"
            },
            {
              "name": "95077",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95077"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03753en_us",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03753en_us"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-04",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/security/tns-2017-04"
            },
            {
              "name": "DSA-3796",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3796"
            },
            {
              "name": "https://support.apple.com/HT208221",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/HT208221"
            },
            {
              "name": "RHSA-2017:1721",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1721"
            },
            {
              "name": "RHSA-2017:1414",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1414"
            },
            {
              "name": "RHSA-2017:1413",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1413"
            },
            {
              "name": "RHSA-2017:1161",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1161"
            },
            {
              "name": "RHSA-2017:0906",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0906"
            },
            {
              "name": "RHSA-2017:1415",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180423-0001/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073163 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2016-8743.json security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888221 - /httpd/site/trunk/content/security/json/CVE-2016-8743.json",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073161 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2016-8743.json security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888217 - /httpd/site/trunk/content/security/json/CVE-2016-8743.json",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-09-07T17:39Z",
      "publishedDate": "2017-07-27T21:29Z"
    }
  }
}

CNVD-2016-13233

Vulnerability from cnvd - Published: 2016-12-28

Title

Apache HTTP Server安全绕过漏洞（CNVD-2016-13233）

Description

Apache httpd是美国阿帕奇（Apache）软件基金会的一款专为现代操作系统开发和维护的开源HTTP服务器。 Apache httpd 2.4.25之前的版本中存在安全漏洞，该漏洞源于程序未能正确的解析HTTP头数据。远程攻击者可通过提交特制的URL伪造目标服务器内容，造成Web缓存中毒或实施跨站脚本攻击。

Severity

中

Patch Name

Apache HTTP Server安全绕过漏洞（CNVD-2016-13233）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://httpd.apache.org/security/vulnerabilities_24.html

Reference

http://www.securityfocus.com/bid/95077

Impacted products

Name
Apache HTTP Server <2.4.25

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95077"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8743"
    }
  },
  "description": "Apache httpd\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u4e13\u4e3a\u73b0\u4ee3\u64cd\u4f5c\u7cfb\u7edf\u5f00\u53d1\u548c\u7ef4\u62a4\u7684\u5f00\u6e90HTTP\u670d\u52a1\u5668\u3002\r\n\r\nApache httpd 2.4.25\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u89e3\u6790HTTP\u5934\u6570\u636e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684URL\u4f2a\u9020\u76ee\u6807\u670d\u52a1\u5668\u5185\u5bb9\uff0c\u9020\u6210Web\u7f13\u5b58\u4e2d\u6bd2\u6216\u5b9e\u65bd\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002",
  "discovererName": "David Dennerline at IBM Security\u0027s X-Force Researchers as well as Regis Leroy",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://httpd.apache.org/security/vulnerabilities_24.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-13233",
  "openTime": "2016-12-28",
  "patchDescription": "Apache httpd\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u4e13\u4e3a\u73b0\u4ee3\u64cd\u4f5c\u7cfb\u7edf\u5f00\u53d1\u548c\u7ef4\u62a4\u7684\u5f00\u6e90HTTP\u670d\u52a1\u5668\u3002\r\n\r\nApache httpd 2.4.25\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u89e3\u6790HTTP\u5934\u6570\u636e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684URL\u4f2a\u9020\u76ee\u6807\u670d\u52a1\u5668\u5185\u5bb9\uff0c\u9020\u6210Web\u7f13\u5b58\u4e2d\u6bd2\u6216\u5b9e\u65bd\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache HTTP Server\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2016-13233\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Apache HTTP Server \u003c2.4.25"
  },
  "referenceLink": "http://www.securityfocus.com/bid/95077",
  "serverity": "\u4e2d",
  "submitTime": "2016-12-26",
  "title": "Apache HTTP Server\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2016-13233\uff09"
}

FKIE_CVE-2016-8743

Vulnerability from fkie_nvd - Published: 2017-07-27 21:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
security@apache.org	http://rhn.redhat.com/errata/RHSA-2017-1415.html	Third Party Advisory
security@apache.org	http://www.debian.org/security/2017/dsa-3796	Third Party Advisory
security@apache.org	http://www.securityfocus.com/bid/95077	Third Party Advisory, VDB Entry
security@apache.org	http://www.securitytracker.com/id/1037508	Broken Link, Third Party Advisory, VDB Entry
security@apache.org	https://access.redhat.com/errata/RHSA-2017:0906	Third Party Advisory
security@apache.org	https://access.redhat.com/errata/RHSA-2017:1161	Third Party Advisory
security@apache.org	https://access.redhat.com/errata/RHSA-2017:1413	Third Party Advisory
security@apache.org	https://access.redhat.com/errata/RHSA-2017:1414	Third Party Advisory
security@apache.org	https://access.redhat.com/errata/RHSA-2017:1721	Third Party Advisory
security@apache.org	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us	Third Party Advisory
security@apache.org	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us	Third Party Advisory
security@apache.org	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743	Vendor Advisory
security@apache.org	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E
security@apache.org	https://security.gentoo.org/glsa/201701-36	Patch, Third Party Advisory, VDB Entry
security@apache.org	https://security.netapp.com/advisory/ntap-20180423-0001/	Third Party Advisory
security@apache.org	https://support.apple.com/HT208221	Third Party Advisory
security@apache.org	https://www.tenable.com/security/tns-2017-04	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2017-1415.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2017/dsa-3796	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95077	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037508	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:0906	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:1161	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:1413	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:1414	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:1721	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201701-36	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20180423-0001/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208221	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/tns-2017-04	Third Party Advisory

Impacted products

Vendor	Product	Version
apache	http_server	*
apache	http_server	*
netapp	clustered_data_ontap	-
netapp	oncommand_unified_manager	-
debian	debian_linux	8.0
debian	debian_linux	9.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.3
redhat	enterprise_linux_eus	7.4
redhat	enterprise_linux_eus	7.5
redhat	enterprise_linux_eus	7.6
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.3
redhat	enterprise_linux_server_aus	7.4
redhat	enterprise_linux_server_aus	7.6
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	7.3
redhat	enterprise_linux_server_tus	7.6
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
redhat	jboss_core_services	1.0
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3E7037D-2C83-4F09-8DC6-4C51D447727A",
              "versionEndIncluding": "2.2.31",
              "versionStartIncluding": "2.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8805C987-A5BB-403B-BB9F-B745A2AE7865",
              "versionEndIncluding": "2.4.23",
              "versionStartIncluding": "2.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution."
    },
    {
      "lang": "es",
      "value": "El servidor HTTP Apache, en todas las distribuciones anteriores a la 2.2.32 y la 2.4.25 era liberal en el espacio en blanco aceptado de peticiones y enviado en lineas y cabeceras de respuesta. La aceptaci\u00f3n de estos comportamientos diferentes representaba un problema a nivel de seguridad cuando httpd participa en cualquier cadena de proxies o interact\u00faa con servidores de aplicaciones backend, ya sea mediante mod_proxy o utilizando mecanismos CGI convencionales y puede dar lugar al tr\u00e1fico de peticiones, divisi\u00f3n de respuestas y contaminaci\u00f3n de la cach\u00e9."
    }
  ],
  "id": "CVE-2016-8743",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-27T21:29:00.287",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3796"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95077"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037508"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0906"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1161"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1413"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1414"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1721"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03753en_us"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://security.gentoo.org/glsa/201701-36"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT208221"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2017-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03753en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://security.gentoo.org/glsa/201701-36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT208221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2017-04"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2RFH-2GH8-V9FQ

Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2025-04-20 03:41

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8743"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-27T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.",
  "id": "GHSA-2rfh-2gh8-v9fq",
  "modified": "2025-04-20T03:41:35Z",
  "published": "2022-05-13T01:09:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:0906"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-36"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20180423-0001"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208221"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2017-04"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1161"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1413"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1414"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1721"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03753en_us"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
    },
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3796"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95077"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037508"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-8743 (GCVE-0-2016-8743)

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature