BSA-2017-500
21664
27 July 2017
27 July 2017
Closed
Medium
5.4
N/A
CVE-2016-0736
Summary Security Advisory ID : BSA-2017-500 Component : Apache HTTPD Revision : 1.0: Final
It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. Affects version 2.4.x up to 2.4.23
Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Final | Jul 27, 2017 |