Уязвимость CVE-2016-2161: Информация

Описание

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.

Важность: HIGH (7,5) Вектор: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-2161

Опубликовано: 28 июля 2017 г.

Изменено: 7 ноября 2023 г.

Идентификатор типа ошибки: CWE-20

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
apache2	sisyphus	2.4.25-alt1	2.4.59-alt1	ALT-PU-2017-1655-1	183315	Исправлено
apache2	p10	2.4.25-alt1	2.4.59-alt1	ALT-PU-2017-1655-1	183315	Исправлено
apache2	p9	2.4.25-alt1	2.4.58-alt1	ALT-PU-2017-1655-1	183315	Исправлено
apache2	p8	2.4.25-alt2.M80P.1	2.4.43-alt1	ALT-PU-2017-1750-1	184324	Исправлено
apache2	c10f1	2.4.25-alt1	2.4.59-alt1	ALT-PU-2017-1655-1	183315	Исправлено
apache2	c9f2	2.4.25-alt1	2.4.59-alt1	ALT-PU-2017-1655-1	183315	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161	Vendor Advisory
GLSA-201701-36	Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us	Third Party Advisory
1037508	Third Party Advisory VDB Entry
95076	Third Party Advisory VDB Entry
https://www.tenable.com/security/tns-2017-04
DSA-3796
https://support.apple.com/HT208221
RHSA-2017:1414
RHSA-2017:1413
RHSA-2017:1161
RHSA-2017:0906
RHSA-2017:1415
https://security.netapp.com/advisory/ntap-20180423-0001/
[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/
[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.14:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*

Версия: v24.5.0

Наверх

Уязвимость CVE-2016-2161: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1