[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2018-0007":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":32,"duplicates":33,"related":34,"reserved_at":9,"published_at":44,"modified_at":45,"state":9,"summary":46,"references_raw":48,"kevs":77,"epss":9,"epss_history":78,"metrics":79,"affected":80},"MGASA-2018-0007","Updated apache packages fix security vulnerability\n\nmod_sessioncrypto was encrypting its data/cookie using the configured ciphers\nwith possibly either CBC or ECB modes of operation (AES256-CBC by default),\nhence no selectable or builtin authenticated encryption. This made it\nvulnerable to padding oracle attacks, particularly with CBC (CVE-2016-0736).\n\nMalicious input to mod_auth_digest will cause the server to crash, and each\ninstance continues to crash even for subsequently valid requests\n(CVE-2016-2161).\n\nEmmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by third-party\nmodules outside of the authentication phase may lead to authentication\nrequirements being bypassed (CVE-2017-3167).\n\nVasileios Panopoulos of AdNovum Informatik AG discovered that mod_ssl may\ndereference a NULL pointer when third-party modules call\nap_hook_process_connection() during an HTTP request to an HTTPS port leading to\na denial of service (CVE-2017-3169).\n\nJavier Jimenez reported that the HTTP strict parsing contains a flaw leading to\na buffer overread in ap_find_token(). A remote attacker can take advantage of\nthis flaw by carefully crafting a sequence of request headers to cause a\nsegmentation fault, or to force ap_find_token() to return an incorrect value\n(CVE-2017-7668).\n\nChenQin and Hanno Boeck reported that mod_mime can read one byte past the end of\na buffer when sending a malicious Content-Type response header (CVE-2017-7679).\n\nRobert Swiecki reported that mod_auth_digest does not properly initialize or\nreset the value placeholder in [Proxy-]Authorization headers of type \"Digest\"\nbetween successive key=value assignments, leading to information disclosure or\ndenial of service (CVE-2017-9788).\n\nHanno Böck discovered that the Apache HTTP Server incorrectly handled Limit\ndirectives in .htaccess files. In certain configurations, a remote attacker\ncould possibly use this issue to read arbitrary server memory, including\nsensitive information. This issue is known as Optionsbleed (CVE-2017-9798).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30],{"_key":15},"CVE-2016-0736",{"_key":17},"CVE-2016-2161",{"_key":19},"CVE-2016-8743",{"_key":21},"CVE-2017-3167",{"_key":23},"CVE-2017-3169",{"_key":25},"CVE-2017-7668",{"_key":27},"CVE-2017-7679",{"_key":29},"CVE-2017-9788",{"_key":31},"CVE-2017-9798",[],[],[35,36,37,38,39,40,41,42,43],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},"2018-01-01T10:38:51Z","2026-04-16T06:26:01.391943099Z",{"cisa_kev":47,"cisa_ransomware":47,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[49,55,60,65,69,73],{"url":50,"sources":51,"tags":53},"https://advisories.mageia.org/MGASA-2018-0007.html",[52],"osv_mageia",[54],"Advisory",{"url":56,"sources":57,"tags":58},"https://bugs.mageia.org/show_bug.cgi?id=20002",[52],[59],"REPORT",{"url":61,"sources":62,"tags":63},"https://www.debian.org/security/2017/dsa-3896",[52],[59,64],"WEB",{"url":66,"sources":67,"tags":68},"https://www.debian.org/security/2017/dsa-3913",[52],[59,64],{"url":70,"sources":71,"tags":72},"https://usn.ubuntu.com/usn/usn-3425-1/",[52],[59,64],{"url":74,"sources":75,"tags":76},"https://httpd.apache.org/security/vulnerabilities_24.html",[52],[59,64],[],[],[],[81],{"ecosystem":82,"name":83,"vendor":84,"product":83,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":83,"source":9,"versions":86},"Mageia","apache","mageia","rpm",[87],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":91,"version_end_type":92,"fixed_in":9},"lt2_4_10_16_7_mga5",true,"ecosystem","2.4.10-16.7.mga5","excluding"]