CVE-2016-3110 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Jboss Enterprise Application Platform	6.0.0
Redhat	Jboss Enterprise Web Server	2.0.0
Redhat	Enterprise Linux	6.0
Fedoraproject	Fedora	28

Related Weaknesses (CWE)

CWE-20

References

http://rhn.redhat.com/errata/RHSA-2016-1648.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1649.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1650.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2016-2054.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-2055.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-2056.htmlBroken Link
http://www.securityfocus.com/bid/92584Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1326320Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
http://rhn.redhat.com/errata/RHSA-2016-1648.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1649.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1650.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2016-2054.htmlVendor Advisory

FAQ

What is CVE-2016-3110?

CVE-2016-3110 is a vulnerability with a CVSS score of 7.5 (HIGH). mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters a...

How severe is CVE-2016-3110?

CVE-2016-3110 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-3110?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Jboss Enterprise Web Server, Redhat Enterprise Linux, Fedoraproject Fedora.