Vulnerability Details : CVE-2016-8612

Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.

Vulnerability category: Memory CorruptionInput validation

Published 2018-03-09 20:29:00

Updated 2023-02-12 23:26:02

Source Red Hat, Inc.

View at NVD, CVE.org

Threat overview for CVE-2016-8612

Top countries where our scanners detected CVE-2016-8612

Top open port discovered on systems with this issue 80

IPs affected by CVE-2016-8612 3,385,489

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2016-8612!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2016-8612

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 44 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-8612

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
3.3	LOW	AV:A/AC:L/Au:N/C:N/I:N/A:P	6.5	2.9	nvd@nist.gov
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
4.3	MEDIUM	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	2.8	1.4	nvd@nist.gov
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

CWE ids for CVE-2016-8612

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)

References for CVE-2016-8612

https://access.redhat.com/errata/RHSA-2017:0194

RHSA-2017:0194 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/94939

Red Hat mod_cluster CVE-2016-8612 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2016-2957.html

RHSA-2016:2957 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1387605

1387605 – (CVE-2016-8612) CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error
Issue Tracking;Third Party Advisory
https://security.netapp.com/advisory/ntap-20180601-0005/

CVE-2016-8612 Apache HTTP Server Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0193

RHSA-2017:0193 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url

Products affected by CVE-2016-8612

Redhat » Enterprise Linux » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Apache » Http Server
Versions before (<) 2.4.23
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Matching versions
Netapp » Storage Automation Store » Version: N/A
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
Matching versions