CVE-2016-0736

Severity: 50%

Complexity: 99%

Confidentiality: 48%

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto encrypted its session data/cookie using the configured ciphers in either CBC or ECB mode of operation (AES256-CBC by default), so there was no selectable or built-in authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.

CVSS 3.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type: Apache Software Foundation

First reported: 2017-07-27 21:29:00

Last updated: 2018-04-25 01:29:00

Affected Software

Apache Software Foundation Apache HTTP Server 2.4.0
Apache Software Foundation Apache HTTP Server 2.4.1
Apache Software Foundation Apache HTTP Server 2.4.2
Apache Software Foundation Apache HTTP Server 2.4.3
Apache Software Foundation Apache HTTP Server 2.4.6
Apache Software Foundation Apache HTTP Server 2.4.7
Apache Software Foundation Apache HTTP Server 2.4.8
Apache Software Foundation Apache HTTP Server 2.4.9
Apache Software Foundation Apache HTTP Server 2.4.10
Apache Software Foundation Apache HTTP Server 2.4.12
Apache Software Foundation Apache HTTP Server 2.4.14
Apache Software Foundation Apache HTTP Server 2.4.16
Apache Software Foundation HTTP Server 2.4.19
Apache Software Foundation HTTP Server 2.4.20
Apache Software Foundation Apache HTTP Server 2.4.21
Apache Software Foundation Apache HTTP Server 2.4.22
Apache Software Foundation HTTP Server 2.4.23

References

RHSA-2017:1415
DSA-3796
95078 (Third Party Advisory, VDB Entry)
1037508 (Third Party Advisory, VDB Entry)
RHSA-2017:0906
RHSA-2017:1161
RHSA-2017:1413
RHSA-2017:1414
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us (Third Party Advisory)
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-0736 (Vendor Advisory)
[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
GLSA-201701-36 (Third Party Advisory)
https://security.netapp.com/advisory/ntap-20180423-0001/
https://support.apple.com/HT208221
40961
https://www.tenable.com/security/tns-2017-04