Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2019:1296
HistoryMay 30, 2019 - 2:46 p.m.

(RHSA-2019:1296) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update

2019-05-3014:46:35
access.redhat.com
122

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. It serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.

Security Fix(es):

  • openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)

  • openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)

  • httpd: privilege escalation from modules scripts (CVE-2019-0211)

Details around this issue, including information about the CVE, severity of the issue, and CVSS scores can be found on the CVE pages listed in the References section below.

Related

nessus 61
redhat 3
cloudfoundry 2
ubuntu 4
openvas 21
amazon 2
prion 3
osv 5
oraclelinux 3
redhatcve 3
freebsd 2
slackware 2
archlinux 1
alpinelinux 3
ubuntucve 3
debian 3
ibm 22
broadcom 2
tenable 4
veracode 4
suse 6
f5 3
cve 3
centos 1
mageia 3
fedora 4
debiancve 3
hackerone 1
symantec 2
aix 1
checkpoint_advisories 2
openssl 1
gentoo 2
ics 1
myhack58 2
attackerkb 2
thn 2
zdt 1
cisa_kev 1
httpd 1
packetstorm 1
exploitpack 1
photon 1
exploitdb 1
nessus
nessus
RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 (RHSA-2019:1297)
2019-05-31 00:00:00
EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1185)
2019-04-09 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-3692-1)
2018-06-27 00:00:00
redhat
redhat
(RHSA-2019:1297) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update
2019-05-30 14:46:40
(RHSA-2018:3221) Moderate: openssl security, bug fix, and enhancement update
2018-10-30 04:31:37
(RHSA-2020:1461) Important: nss-softokn security update
2020-04-14 14:33:58
cloudfoundry
cloudfoundry
USN-3692-1: OpenSSL vulnerabilities | Cloud Foundry
2018-07-10 00:00:00
USN-3689-1: Libgcrypt vulnerability | Cloud Foundry
2018-07-10 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2018-06-26 00:00:00
OpenSSL vulnerabilities
2018-06-26 00:00:00
Libgcrypt vulnerability
2018-06-19 00:00:00
openvas
openvas
Ubuntu Update for openssl USN-3692-1
2018-06-27 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1185)
2020-01-23 00:00:00
openSUSE: Security Advisory for libgcrypt (openSUSE-SU-2018:2178-1)
2018-08-04 00:00:00
amazon
amazon
Medium: openssl
2018-11-07 22:07:00
Medium: openssl
2018-10-30 20:50:00
prion
prion
Memory corruption
2018-06-13 23:29:00
Design/Logic Flaw
2018-06-12 13:29:00
Code injection
2019-04-08 22:29:00
osv
osv
CVE-2018-0495
2018-06-13 23:29:00
CVE-2018-0732
2018-06-12 13:29:00
libgcrypt20 - security update
2018-06-17 00:00:00
oraclelinux
oraclelinux
openssl security, bug fix, and enhancement update
2018-11-05 00:00:00
openssl security update
2018-11-06 00:00:00
nss, nss-softokn, nss-util, and nspr security, bug fix, and enhancement update
2019-08-13 00:00:00
redhatcve
redhatcve
CVE-2018-0495
2018-06-14 08:19:05
CVE-2018-0732
2018-06-14 05:18:51
CVE-2019-0211
2020-04-03 13:58:57
freebsd
freebsd
libgcrypt -- side-channel attack vulnerability
2018-06-13 00:00:00
OpenSSL -- Client DoS due to large DH parameter
2018-06-12 00:00:00
slackware
slackware
[slackware-security] libgcrypt
2018-06-13 22:09:13
[slackware-security] httpd
2019-04-06 20:06:27
archlinux
archlinux
[ASA-201806-10] libgcrypt: private key recovery
2018-06-16 00:00:00
alpinelinux
alpinelinux
CVE-2018-0495
2018-06-13 23:29:00
CVE-2018-0732
2018-06-12 13:29:00
CVE-2019-0211
2019-04-08 22:29:00
ubuntucve
ubuntucve
CVE-2018-0495
2018-06-13 00:00:00
CVE-2018-0732
2018-06-12 00:00:00
CVE-2019-0211
2019-04-02 00:00:00
debian
debian
[SECURITY] [DSA 4231-1] libgcrypt20 security update
2018-06-17 18:53:17
[SECURITY] [DSA 4231-1] libgcrypt20 security update
2018-06-17 18:53:17
[SECURITY] [DLA 1405-1] libgcrypt20 security update
2018-06-29 08:04:20
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM
2018-12-17 15:00:02
Security Bulletin: OpenSSL vulnerabilities affect IBM Rational Team Concert
2021-04-28 18:35:50
Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0732
2018-11-21 16:30:01
broadcom
broadcom
CVE-2018-0732. Client DoS due to large DH parameter.
2022-09-13 00:00:00
CVE-2018-0732. Client DoS due to large DH parameter.
2022-09-13 00:00:00
tenable
tenable
[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities
2018-10-23 21:15:12
[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities
2018-12-20 19:43:50
[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities
2018-10-23 21:15:12
veracode
veracode
Denial Of Service (DoS)
2018-06-13 03:48:25
Side-channel Attack
2019-06-03 00:25:00
Denial Of Service (DoS)
2019-01-15 09:24:14
suse
suse
Security update for openssl-1_1 (moderate)
2018-10-05 12:08:41
Security update for openssl-1_1 (moderate)
2018-07-28 15:09:18
Security update for libgcrypt (moderate)
2018-07-28 16:00:35
f5
f5
K20001553 : Libgcrypt vulnerability CVE-2018-0495
2018-09-28 00:00:00
K21665601 : OpenSSL vulnerability CVE-2018-0732
2018-07-20 00:00:00
K32957101 : Apache HTTPD vulnerability CVE-2019-0211
2019-04-11 00:00:00
cve
cve
CVE-2018-0495
2018-06-13 23:29:00
CVE-2018-0732
2018-06-12 13:29:00
CVE-2019-0211
2019-04-08 22:29:00
centos
centos
openssl security update
2018-11-15 18:50:49
mageia
mageia
Updated libgcrypt packages fix security vulnerability
2018-07-01 20:17:14
Updated libcrypt packages fix a security vulnerability
2018-07-02 01:17:47
Updated nss packages fix security vulnerability
2019-01-16 01:15:34
fedora
fedora
[SECURITY] Fedora 27 Update: libgcrypt-1.8.3-1.fc27
2018-06-17 19:45:43
[SECURITY] Fedora 28 Update: libgcrypt-1.8.3-1.fc28
2018-06-18 16:20:42
[SECURITY] Fedora 28 Update: botan2-2.7.0-1.fc28
2018-07-11 20:24:19
debiancve
debiancve
CVE-2018-0495
2018-06-13 23:29:00
CVE-2018-0732
2018-06-12 13:29:00
CVE-2019-0211
2019-04-08 22:29:00
hackerone
hackerone
Internet Bug Bounty: Client DoS due to large DH parameter (CVE-2018-0732)
2018-06-12 11:15:31
symantec
symantec
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12 00:00:00
Apache HTTP Server CVE-2019-0211 Local Privilege Escalation Vulnerability
2019-04-01 00:00:00
aix
aix
Vulnerability in OpenSSL affects AIX (CVE-2018-0732)
2018-09-19 08:44:29
checkpoint_advisories
checkpoint_advisories
OpenSSL Denial of Service (CVE-2018-0732)
2019-02-17 00:00:00
Apache HTTP Server File Upload Privilege Escalation (CVE-2019-0211)
2019-04-15 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2018-0732
2018-06-12 00:00:00
gentoo
gentoo
OpenSSL: Denial of service
2018-11-09 00:00:00
Apache: Privilege escalation
2019-04-22 00:00:00
ics
ics
Siemens TIM 1531 IRC
2021-06-08 12:00:00
myhack58
myhack58
Apache HTTP Server components to mention the right vulnerability alerts-a vulnerability alert-the black bar safety net
2019-04-03 00:00:00
Apache mention the right vulnerability, CVE-2019-0211)step on the pit-vulnerability warning-the black bar safety net
2019-04-15 00:00:00
attackerkb
attackerkb
CVE-2019-0211
2019-04-08 00:00:00
CVE-2019-0211
2019-04-08 00:00:00
thn
thn
Bug or Feature? Hidden Web Application Vulnerabilities Uncovered
2023-12-15 11:08:00
Why Everyone Needs to Take the Latest CISA Directive Seriously
2021-12-03 09:23:00
zdt
zdt
Apache 2.4.17 < 2.4.38 - apache2ctl graceful (logrotate) Local Privilege Escalation Exploit
2019-04-08 00:00:00
cisa_kev
cisa_kev
Apache HTTP Server Privilege Escalation Vulnerability
2021-11-03 00:00:00
httpd
httpd
Apache Httpd < 2.4.39 : Apache HTTP Server privilege escalation from modules' scripts
2019-02-22 00:00:00
packetstorm
packetstorm
CARPE (DIEM) Apache 2.4.x Local Privilege Escalation
2019-04-08 00:00:00
exploitpack
exploitpack
Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation
2019-04-08 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0182
2018-09-05 00:00:00
exploitdb
exploitdb
Apache 2.4.17 &lt; 2.4.38 - &#039;apache2ctl graceful&#039; &#039;logrotate&#039; Local Privilege Escalation
2019-04-08 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON
Related for RHSA-2019:1296
nessus61redhat3cloudfoundry2ubuntu4openvas21amazon2prion3osv5oraclelinux3redhatcve3freebsd2slackware2archlinux1alpinelinux3ubuntucve3debian3ibm22broadcom2tenable4veracode4suse6f53cve3centos1mageia3fedora4debiancve3hackerone1symantec2aix1checkpoint_advisories2openssl1gentoo2ics1myhack582attackerkb2thn2zdt1cisa_kev1httpd1packetstorm1exploitpack1photon1exploitdb1