BSA-2017-500

Brocade Fabric OS

2 more products

21664

27 July 2017

27 July 2017

Closed

Medium

5.4

N/A

CVE-2016-0736

Summary

Security Advisory ID : BSA-2017-500

Component : Apache HTTPD

Revision : 1.0: Final


It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. Affects version 2.4.x up to 2.4.23

Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Revision History

Version Change Date
1.0 Final  Jul 27, 2017