CVE-2016-0736

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.

References

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-0736

https://security.gentoo.org/glsa/201701-36

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us

http://www.securitytracker.com/id/1037508

http://www.securityfocus.com/bid/95078

https://www.exploit-db.com/exploits/40961/

https://www.tenable.com/security/tns-2017-04

http://www.debian.org/security/2017/dsa-3796

https://support.apple.com/HT208221

https://access.redhat.com/errata/RHSA-2017:1414

https://access.redhat.com/errata/RHSA-2017:1413

https://access.redhat.com/errata/RHSA-2017:1161

https://access.redhat.com/errata/RHSA-2017:0906

http://rhn.redhat.com/errata/RHSA-2017-1415.html

https://security.netapp.com/advisory/ntap-20180423-0001/

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2017-07-27

Updated: 2021-06-06

Type: CWE-310

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (30 total)

IDNameProductFamilySeverity
124922EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)NessusHuawei Local Security Checks
critical
700511macOS < 10.13 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
98910Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy)Web Application ScanningComponent Vulnerability
high
117316RHEL 6 : JBoss Core Services (RHSA-2017:1414)NessusRed Hat Local Security Checks
high
117315RHEL 7 : JBoss Core Services (RHSA-2017:1413)NessusRed Hat Local Security Checks
high
104379macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)NessusMacOS X Local Security Checks
critical
103598macOS < 10.13 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
101445Virtuozzo 7 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-0906)NessusVirtuozzo Local Security Checks
high
101044Tenable SecurityCenter Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (TNS-2017-04) (httpoxy)NessusMisc.
high
100098Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : apache2 vulnerabilities (USN-3279-1)NessusUbuntu Local Security Checks
high
99952EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1086)NessusHuawei Local Security Checks
high
99951EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1085)NessusHuawei Local Security Checks
high
99379CentOS 7 : httpd (CESA-2017:0906)NessusCentOS Local Security Checks
high
99350Scientific Linux Security Update : httpd on SL7.x x86_64 (20170412)NessusScientific Linux Local Security Checks
high
99340RHEL 7 : httpd (RHSA-2017:0906)NessusRed Hat Local Security Checks
high
99329Oracle Linux 7 : httpd (ELSA-2017-0906)NessusOracle Linux Local Security Checks
high
99155openSUSE Security Update : apache2 (openSUSE-2017-417)NessusSuSE Local Security Checks
high
99154openSUSE Security Update : apache2 (openSUSE-2017-416)NessusSuSE Local Security Checks
high
99134macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)NessusMacOS X Local Security Checks
critical
97916SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:0801-1)NessusSuSE Local Security Checks
high
97912SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:0797-1)NessusSuSE Local Security Checks
high
97726Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy)NessusMisc.
medium
97400Debian DSA-3796-1 : apache2 - security updateNessusDebian Local Security Checks
high
96631Amazon Linux AMI : httpd24 (ALAS-2017-785)NessusAmazon Linux Local Security Checks
high
96516GLSA-201701-36 : Apache: Multiple vulnerabilities (httpoxy)NessusGentoo Local Security Checks
high
96451Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy)NessusWeb Servers
high
96114Fedora 24 : httpd (2016-d22f50d985)NessusFedora Local Security Checks
high
96111Fedora 25 : httpd (2016-8d9b62c784)NessusFedora Local Security Checks
high
96090Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2016-358-01) (httpoxy)NessusSlackware Local Security Checks
high
96037FreeBSD : Apache httpd -- several vulnerabilities (862d6ab3-c75e-11e6-9f98-20cf30e32f6d) (httpoxy)NessusFreeBSD Local Security Checks
high