CVE-2016-2161

Description

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.

CVSS Metrics

• v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 25.82%• Percentile: 96%

Techniques & Countermeasures

• CWE-823•Use of Out-of-range Pointer Offset

  The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• apache software foundation•apache http server

  2.4.0 to 2.4.23

• Unknown•HTTP Server

  2.4.0 | 2.4.1 | 2.4.2 | 2.4.3 | 2.4.6 | 2.4.7 | 2.4.8 | 2.4.9 | 2.4.10 | 2.4.12 | 2.4.14 | 2.4.16 | 2.4.19 | 2.4.20 | 2.4.21 | 2.4.22 | 2.4.23

References (27)

• https://support.apple.com/HT208221
• http://www.securityfocus.com/bid/95076
• http://www.debian.org/security/2017/dsa-3796
• http://www.securitytracker.com/id/1037508
• https://access.redhat.com/errata/RHSA-2017:1413
• https://access.redhat.com/errata/RHSA-2017:1161
• https://www.tenable.com/security/tns-2017-04
• https://access.redhat.com/errata/RHSA-2017:1414
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
• https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161
• http://rhn.redhat.com/errata/RHSA-2017-1415.html
• https://access.redhat.com/errata/RHSA-2017:0906
• https://security.gentoo.org/glsa/201701-36
• https://security.netapp.com/advisory/ntap-20180423-0001/
• https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E