Lucene search

K
oraclelinuxOracleLinuxELSA-2017-2479
HistoryAug 15, 2017 - 12:00 a.m.

httpd security update

2017-08-1500:00:00
linux.oracle.com
84

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.539 Medium

EPSS

Percentile

97.3%

[2.4.6-67.0.1.el7_4.2]

  • replace index.html with Oracle’s index page oracle_index.html
    [2.4.6-67.2]
  • Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw()
    authentication bypass
  • Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
  • Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
  • Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread
  • Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection
    in mod_auth_digest

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.539 Medium

EPSS

Percentile

97.3%