CVE-2016-3110

CWE-20 — Improper Input Validation9 documents6 sources

Severity

7.5HIGH

EPSS

3.2%

top 12.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Fedora Redhat Jboss Enterprise Application Platform Redhat Jboss Enterprise WEB Server

Timeline

PublishedSep 26

Latest updateMay 14

Description

mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDredhat/jboss_enterprise_web_server2.0.0, 2.1+1

▶Mavenorg.jboss.mod_cluster:mod_cluster-parent< 1.3.3.Final

▶NVDredhat/jboss_enterprise_application_platform6.0.0, 6.4.0+1

Also affects: Fedora 28, 29, 30

🔴Vulnerability Details

GHSA

mod_cluster Denial of Service vulnerability↗2022-05-14

▶

OSV

mod_cluster Denial of Service vulnerability↗2022-05-14

▶

CVEList

CVE-2016-3110: mod_cluster, as used in Red Hat JBoss Web Server 2↗2016-09-26

▶

📋Vendor Advisories

Red Hat

mod_cluster: remotely Segfault Apache http server↗2016-08-22

▶

💬Community

Bugzilla

CVE-2016-3110 mod_cluster: remotely Segfault Apache http server [epel-6]↗2016-09-08

▶

Bugzilla

CVE-2016-3110 mod_cluster: remotely Segfault Apache http server [fedora-all]↗2016-09-08

▶

Bugzilla

CVE-2016-3110 mod_cluster: remotely Segfault Apache http server↗2016-05-23

▶

Bugzilla

CVE-2016-3110 mod_cluster: remotely Segfault Apache http server↗2016-04-12

▶