CVE-2016-8612

Severity
4.3 MEDIUM
EPSS
1.3%
top 20.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 9
Latest update: May 13

Description

Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 2 packages

NVD: apache/http_server < 2.4.23
CVEListV5: red_hat,_inc./mod_cluster httpd 2.4.23

Also affects: Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

2
GHSA
GHSA-pw68-p55m-86x8: Apache HTTP Server mod_cluster before version httpd 2 (2022-05-13)
CVEList
CVE-2016-8612: Apache HTTP Server mod_cluster before version httpd 2 (2018-03-09)

📋Vendor Advisories

1
Red Hat
mod_cluster: Protocol parsing logic error (2016-12-15)

💬Community

1
Bugzilla
CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error (2016-10-21)