CVE-2016-2161
CVE-2016-2161
Vexday Risk Score
8Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 21.0%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
27 jul 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
Productos afectados
Apache Software Foundation · Apache HTTP Server¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://rhn.redhat.com/errata/RHSA-2017-1415.htmlhttps://access.redhat.com/errata/RHSA-2017:0906https://access.redhat.com/errata/RHSA-2017:1161https://access.redhat.com/errata/RHSA-2017:1413https://access.redhat.com/errata/RHSA-2017:1414https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_ushttps://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E