CVE-2016-0736

MEDIUM

Description

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto encrypted its data/cookie using the configured cipher in either CBC or ECB mode of operation (AES256-CBC by default), with no selectable or built-in authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.

References

http://rhn.redhat.com/errata/RHSA-2017-1415.html

http://www.debian.org/security/2017/dsa-3796

http://www.securityfocus.com/bid/95078

http://www.securitytracker.com/id/1037508

https://access.redhat.com/errata/RHSA-2017:0906

https://access.redhat.com/errata/RHSA-2017:1161

https://access.redhat.com/errata/RHSA-2017:1413

https://access.redhat.com/errata/RHSA-2017:1414

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-0736

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://security.gentoo.org/glsa/201701-36

https://security.netapp.com/advisory/ntap-20180423-0001/

https://support.apple.com/HT208221

https://www.exploit-db.com/exploits/40961/

https://www.tenable.com/security/tns-2017-04

Details

Source: MITRE

Published: 2017-07-27

Updated: 2021-03-30

Type: CWE-310

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124922 | EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419) | Nessus | Huawei Local Security Checks | high |
| 700511 | macOS < 10.13 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
| 98910 | Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy) | Web Application Scanning | Component Vulnerability | medium |
| 117316 | RHEL 6 : JBoss Core Services (RHSA-2017:1414) | Nessus | Red Hat Local Security Checks | high |
| 117315 | RHEL 7 : JBoss Core Services (RHSA-2017:1413) | Nessus | Red Hat Local Security Checks | high |
| 104379 | macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004) | Nessus | MacOS X Local Security Checks | critical |
| 103598 | macOS < 10.13 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 101445 | Virtuozzo 7 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-0906) | Nessus | Virtuozzo Local Security Checks | medium |
| 101044 | Tenable SecurityCenter Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (TNS-2017-04) (httpoxy) | Nessus | Misc. | high |
| 100098 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : apache2 vulnerabilities (USN-3279-1) | Nessus | Ubuntu Local Security Checks | medium |
| 99952 | EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1086) | Nessus | Huawei Local Security Checks | medium |
| 99951 | EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1085) | Nessus | Huawei Local Security Checks | medium |
| 99379 | CentOS 7 : httpd (CESA-2017:0906) | Nessus | CentOS Local Security Checks | medium |
| 99350 | Scientific Linux Security Update : httpd on SL7.x x86_64 (20170412) | Nessus | Scientific Linux Local Security Checks | medium |
| 99340 | RHEL 7 : httpd (RHSA-2017:0906) | Nessus | Red Hat Local Security Checks | medium |
| 99329 | Oracle Linux 7 : httpd (ELSA-2017-0906) | Nessus | Oracle Linux Local Security Checks | medium |
| 99155 | openSUSE Security Update : apache2 (openSUSE-2017-417) | Nessus | SuSE Local Security Checks | medium |
| 99154 | openSUSE Security Update : apache2 (openSUSE-2017-416) | Nessus | SuSE Local Security Checks | medium |
| 99134 | macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy) | Nessus | MacOS X Local Security Checks | critical |
| 97916 | SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:0801-1) | Nessus | SuSE Local Security Checks | medium |
| 97912 | SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:0797-1) | Nessus | SuSE Local Security Checks | medium |
| 97726 | Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy) | Nessus | Misc. | medium |
| 97400 | Debian DSA-3796-1 : apache2 - security update | Nessus | Debian Local Security Checks | medium |
| 96631 | Amazon Linux AMI : httpd24 (ALAS-2017-785) | Nessus | Amazon Linux Local Security Checks | medium |
| 96516 | GLSA-201701-36 : Apache: Multiple vulnerabilities (httpoxy) | Nessus | Gentoo Local Security Checks | medium |
| 96451 | Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy) | Nessus | Web Servers | medium |
| 96114 | Fedora 24 : httpd (2016-d22f50d985) | Nessus | Fedora Local Security Checks | medium |
| 96111 | Fedora 25 : httpd (2016-8d9b62c784) | Nessus | Fedora Local Security Checks | medium |
| 96090 | Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2016-358-01) (httpoxy) | Nessus | Slackware Local Security Checks | medium |
| 96037 | FreeBSD : Apache httpd -- several vulnerabilities (862d6ab3-c75e-11e6-9f98-20cf30e32f6d) (httpoxy) | Nessus | FreeBSD Local Security Checks | medium |