7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
67.2%
Package : apache2
Version : 2.2.22-13+deb7u11
CVE ID : CVE-2015-0253 CVE-2016-8743
Debian Bug : 858373
The fix for CVE-2016-8743 introduced a regression which would segfault
apache workers under certain conditions (#858373), an issue similar to
previously fixed CVE-2015-0253.
The issue was introduced in DLA-841-1 and the associated
2.2.22-13+deb7u8 package version. For Debian 7 "Wheezy", these
problems have been fixed in version 2.2.22-13+deb7u11.
We recommend that you upgrade your apache2 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | kfreebsd-amd64 | apache2-mpm-worker | < 2.4.10-10+deb8u8 | apache2-mpm-worker_2.4.10-10+deb8u8_kfreebsd-amd64.deb |
Debian | 8 | armhf | apache2-dev | < 2.4.10-10+deb8u8 | apache2-dev_2.4.10-10+deb8u8_armhf.deb |
Debian | 8 | amd64 | apache2-utils | < 2.4.10-10+deb8u8 | apache2-utils_2.4.10-10+deb8u8_amd64.deb |
Debian | 8 | mips | apache2-dev | < 2.4.10-10+deb8u8 | apache2-dev_2.4.10-10+deb8u8_mips.deb |
Debian | 8 | arm64 | apache2-bin | < 2.4.10-10+deb8u8 | apache2-bin_2.4.10-10+deb8u8_arm64.deb |
Debian | 7 | armel | apache2-suexec | < 2.2.22-13+deb7u11 | apache2-suexec_2.2.22-13+deb7u11_armel.deb |
Debian | 8 | ppc64el | apache2-mpm-worker | < 2.4.10-10+deb8u8 | apache2-mpm-worker_2.4.10-10+deb8u8_ppc64el.deb |
Debian | 8 | mipsel | apache2-suexec-pristine | < 2.4.10-10+deb8u8 | apache2-suexec-pristine_2.4.10-10+deb8u8_mipsel.deb |
Debian | 8 | ppc64el | apache2-mpm-event | < 2.4.10-10+deb8u8 | apache2-mpm-event_2.4.10-10+deb8u8_ppc64el.deb |
Debian | 8 | kfreebsd-amd64 | apache2-mpm-prefork | < 2.4.10-10+deb8u8 | apache2-mpm-prefork_2.4.10-10+deb8u8_kfreebsd-amd64.deb |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
67.2%