Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2019:1297
HistoryMay 30, 2019 - 2:46 p.m.

(RHSA-2019:1297) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update

2019-05-3014:46:40
access.redhat.com
133

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 2 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section.

Security Fix(es):

  • openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)

  • openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)

  • httpd: privilege escalation from modules scripts (CVE-2019-0211)

Details around this issue, including information about the CVE, severity of the issue, and CVSS scores can be found on the CVE pages listed in the References section below.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64jbcs-httpd24-openssl-libs< 1.0.2n-15.jbcs.el6jbcs-httpd24-openssl-libs-1.0.2n-15.jbcs.el6.x86_64.rpm
RedHat7x86_64jbcs-httpd24-openssl-libs< 1.0.2n-15.jbcs.el7jbcs-httpd24-openssl-libs-1.0.2n-15.jbcs.el7.x86_64.rpm
RedHat6i686jbcs-httpd24-mod_proxy_html< 2.4.29-40.jbcs.el6jbcs-httpd24-mod_proxy_html-2.4.29-40.jbcs.el6.i686.rpm
RedHat6x86_64jbcs-httpd24-httpd< 2.4.29-40.jbcs.el6jbcs-httpd24-httpd-2.4.29-40.jbcs.el6.x86_64.rpm
RedHat6i686jbcs-httpd24-httpd-devel< 2.4.29-40.jbcs.el6jbcs-httpd24-httpd-devel-2.4.29-40.jbcs.el6.i686.rpm
RedHat6x86_64jbcs-httpd24-openssl-devel< 1.0.2n-15.jbcs.el6jbcs-httpd24-openssl-devel-1.0.2n-15.jbcs.el6.x86_64.rpm
RedHat6i686jbcs-httpd24-openssl-perl< 1.0.2n-15.jbcs.el6jbcs-httpd24-openssl-perl-1.0.2n-15.jbcs.el6.i686.rpm
RedHat6i686jbcs-httpd24-httpd-selinux< 2.4.29-40.jbcs.el6jbcs-httpd24-httpd-selinux-2.4.29-40.jbcs.el6.i686.rpm
RedHat7x86_64jbcs-httpd24-mod_proxy_html< 2.4.29-40.jbcs.el7jbcs-httpd24-mod_proxy_html-2.4.29-40.jbcs.el7.x86_64.rpm
RedHat6x86_64jbcs-httpd24-openssl-perl< 1.0.2n-15.jbcs.el6jbcs-httpd24-openssl-perl-1.0.2n-15.jbcs.el6.x86_64.rpm
Rows per page:
1-10 of 471

Related

redhat 2
nessus 53
openvas 36
ubuntu 4
cloudfoundry 2
amazon 2
centos 1
ibm 21
oraclelinux 2
prion 3
osv 5
redhatcve 3
debian 3
freebsd 2
ubuntucve 3
archlinux 1
slackware 2
alpinelinux 3
suse 6
veracode 4
f5 3
cve 3
hackerone 1
symantec 2
aix 1
debiancve 3
fedora 2
tenable 4
broadcom 2
attackerkb 2
myhack58 2
thn 2
exploitpack 1
httpd 1
cisa_kev 1
packetstorm 1
checkpoint_advisories 2
gentoo 2
zdt 1
mageia 3
ics 1
openssl 1
redhat
redhat
(RHSA-2019:1296) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update
2019-05-30 14:46:35
(RHSA-2018:3221) Moderate: openssl security, bug fix, and enhancement update
2018-10-30 04:31:37
nessus
nessus
RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 (RHSA-2019:1297)
2019-05-31 00:00:00
EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1185)
2019-04-09 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-3692-1)
2018-06-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3692-1)
2018-06-27 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1185)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-3692-2)
2022-08-26 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2018-06-26 00:00:00
OpenSSL vulnerabilities
2018-06-26 00:00:00
Libgcrypt vulnerability
2018-06-19 00:00:00
cloudfoundry
cloudfoundry
USN-3692-1: OpenSSL vulnerabilities | Cloud Foundry
2018-07-10 00:00:00
USN-3689-1: Libgcrypt vulnerability | Cloud Foundry
2018-07-10 00:00:00
amazon
amazon
Medium: openssl
2018-11-07 22:07:00
Medium: openssl
2018-10-30 20:50:00
centos
centos
openssl security update
2018-11-15 18:50:49
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM
2018-12-17 15:00:02
Security Bulletin: IBM QRadar Network Security is affected by multiple openssl vulnerabilities.
2018-12-07 02:45:02
Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Advanced Management Module (AMM)
2018-10-03 16:20:01
oraclelinux
oraclelinux
openssl security, bug fix, and enhancement update
2018-11-05 00:00:00
openssl security update
2018-11-06 00:00:00
prion
prion
Memory corruption
2018-06-13 23:29:00
Design/Logic Flaw
2018-06-12 13:29:00
Code injection
2019-04-08 22:29:00
osv
osv
CVE-2018-0495
2018-06-13 23:29:00
libgcrypt20 - security update
2018-06-29 00:00:00
CVE-2018-0732
2018-06-12 13:29:00
redhatcve
redhatcve
CVE-2018-0495
2018-06-14 08:19:05
CVE-2018-0732
2018-06-14 05:18:51
CVE-2019-0211
2020-04-03 13:58:57
debian
debian
[SECURITY] [DSA 4231-1] libgcrypt20 security update
2018-06-17 18:53:17
[SECURITY] [DLA 1405-1] libgcrypt20 security update
2018-06-29 08:04:20
[SECURITY] [DSA 4231-1] libgcrypt20 security update
2018-06-17 18:53:17
freebsd
freebsd
libgcrypt -- side-channel attack vulnerability
2018-06-13 00:00:00
OpenSSL -- Client DoS due to large DH parameter
2018-06-12 00:00:00
ubuntucve
ubuntucve
CVE-2018-0495
2018-06-13 00:00:00
CVE-2018-0732
2018-06-12 00:00:00
CVE-2019-0211
2019-04-02 00:00:00
archlinux
archlinux
[ASA-201806-10] libgcrypt: private key recovery
2018-06-16 00:00:00
slackware
slackware
[slackware-security] libgcrypt
2018-06-13 22:09:13
[slackware-security] httpd
2019-04-06 20:06:27
alpinelinux
alpinelinux
CVE-2018-0495
2018-06-13 23:29:00
CVE-2019-0211
2019-04-08 22:29:00
CVE-2018-0732
2018-06-12 13:29:00
suse
suse
Security update for openssl-1_1 (moderate)
2018-07-28 15:09:18
Security update for openssl-1_1 (moderate)
2018-10-05 12:08:41
Security update for libgcrypt (moderate)
2018-07-28 16:00:35
veracode
veracode
Denial Of Service (DoS)
2018-06-13 03:48:25
Side-channel Attack
2019-06-03 00:25:00
Arbitrary Code Execution
2019-05-16 03:58:58
f5
f5
K20001553 : Libgcrypt vulnerability CVE-2018-0495
2018-09-28 00:00:00
K21665601 : OpenSSL vulnerability CVE-2018-0732
2018-07-20 00:00:00
K32957101 : Apache HTTPD vulnerability CVE-2019-0211
2019-04-11 00:00:00
cve
cve
CVE-2018-0495
2018-06-13 23:29:00
CVE-2018-0732
2018-06-12 13:29:00
CVE-2019-0211
2019-04-08 22:29:00
hackerone
hackerone
Internet Bug Bounty: Client DoS due to large DH parameter (CVE-2018-0732)
2018-06-12 11:15:31
symantec
symantec
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12 00:00:00
Apache HTTP Server CVE-2019-0211 Local Privilege Escalation Vulnerability
2019-04-01 00:00:00
aix
aix
Vulnerability in OpenSSL affects AIX (CVE-2018-0732)
2018-09-19 08:44:29
debiancve
debiancve
CVE-2018-0732
2018-06-12 13:29:00
CVE-2018-0495
2018-06-13 23:29:00
CVE-2019-0211
2019-04-08 22:29:00
fedora
fedora
[SECURITY] Fedora 27 Update: libgcrypt-1.8.3-1.fc27
2018-06-17 19:45:43
[SECURITY] Fedora 28 Update: libgcrypt-1.8.3-1.fc28
2018-06-18 16:20:42
tenable
tenable
[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities
2018-10-23 21:15:12
[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities
2018-10-23 21:15:12
[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities
2018-12-20 19:43:50
broadcom
broadcom
CVE-2018-0732. Client DoS due to large DH parameter.
2022-09-13 00:00:00
CVE-2018-0732. Client DoS due to large DH parameter.
2022-09-13 00:00:00
attackerkb
attackerkb
CVE-2019-0211
2019-04-08 00:00:00
CVE-2019-0211
2019-04-08 00:00:00
myhack58
myhack58
Apache mention the right vulnerability, CVE-2019-0211)step on the pit-vulnerability warning-the black bar safety net
2019-04-15 00:00:00
Apache HTTP Server components to mention the right vulnerability alerts-a vulnerability alert-the black bar safety net
2019-04-03 00:00:00
thn
thn
Why Everyone Needs to Take the Latest CISA Directive Seriously
2021-12-03 09:23:00
Bug or Feature? Hidden Web Application Vulnerabilities Uncovered
2023-12-15 11:08:00
exploitpack
exploitpack
Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation
2019-04-08 00:00:00
httpd
httpd
Apache Httpd < 2.4.39 : Apache HTTP Server privilege escalation from modules' scripts
2019-02-22 00:00:00
cisa_kev
cisa_kev
Apache HTTP Server Privilege Escalation Vulnerability
2021-11-03 00:00:00
packetstorm
packetstorm
CARPE (DIEM) Apache 2.4.x Local Privilege Escalation
2019-04-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server File Upload Privilege Escalation (CVE-2019-0211)
2019-04-15 00:00:00
OpenSSL Denial of Service (CVE-2018-0732)
2019-02-17 00:00:00
gentoo
gentoo
Apache: Privilege escalation
2019-04-22 00:00:00
OpenSSL: Denial of service
2018-11-09 00:00:00
zdt
zdt
Apache 2.4.17 < 2.4.38 - apache2ctl graceful (logrotate) Local Privilege Escalation Exploit
2019-04-08 00:00:00
mageia
mageia
Updated libgcrypt packages fix security vulnerability
2018-07-01 20:17:14
Updated libcrypt packages fix a security vulnerability
2018-07-02 01:17:47
Updated nss packages fix security vulnerability
2019-01-16 01:15:34
ics
ics
Siemens TIM 1531 IRC
2021-06-08 12:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2018-0732
2018-06-12 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for RHSA-2019:1297
redhat2nessus53openvas36ubuntu4cloudfoundry2amazon2centos1ibm21oraclelinux2prion3osv5redhatcve3debian3freebsd2ubuntucve3archlinux1slackware2alpinelinux3suse6veracode4f53cve3hackerone1symantec2aix1debiancve3fedora2tenable4broadcom2attackerkb2myhack582thn2exploitpack1httpd1cisa_kev1packetstorm1checkpoint_advisories2gentoo2zdt1mageia3ics1openssl1