VDB
RHSA-2016%3A2957
RHSA-2016%3A2957
PUBLISHED
CVSS 7.5 HIGH
Red Hat JBoss Core Services httpd 2.4.23 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systems. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Risk Scores
CVSS 3.1
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat JBoss Core Services 1 | ||
| Text-Only JBCS |
Exploit Intelligence
- Docker container implementing tests for CVE-2016-2107 - LuckyNegative20 (github-poc-repo)
- Docker container implementing tests for CVE-2016-2107 - LuckyNegative20 (github-poc-repo)
- Simple test for the May 2016 OpenSSL padding oracle (CVE-2016-2107) (github-poc-repo)
- Simple test for the May 2016 OpenSSL padding oracle (CVE-2016-2107) (github-poc-repo)
- PoC of CVE-2016-3627 (github-poc-repo)
- PoC of CVE-2016-3627 (github-poc-repo)
- PoC of CVE-2016-3627 (github-poc)
- Docker container implementing tests for CVE-2016-2107 - LuckyNegative20 (github-poc)
- Docker container implementing tests for CVE-2016-2107 - LuckyNegative20 (github-poc)
- Simple test for the May 2016 OpenSSL padding oracle (CVE-2016-2107) (github-poc)
…and 56 more exploits
Timeline
- Dec 15, 2016 CVE Published
- Nov 22, 2024 CVE Updated
- Apr 7, 2026 Distribution Patch
- Apr 7, 2026 Distribution Patch
- Apr 7, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1288322 url
- https://access.redhat.com/errata/RHSA-2016:2957 advisory
- https://access.redhat.com/security/updates/classification/#important url
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=distributions&version=2.4.23 url
- https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/ url
- https://bugzilla.redhat.com/show_bug.cgi?id=801648 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1121519 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1196737 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1202366 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1227574 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1228611 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1243888 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1288320 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1288326 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1310596 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1310599 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1311880 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1312219 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1314757 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1319829 url
…and 28 more