6.8 - RHSA-2019:1898

Executive Summary

Summary
Title	httpd security update

Informations
Name	RHSA-2019:1898	First vendor Publication	2019-07-29
Vendor	RedHat	Last vendor Modification	2019-07-29
Severity (Vendor)	N/A	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An update for httpd is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1560634 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-1898.html

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-287	Improper Authentication

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Http Server cpe:2.3:a:apache:http_server:2.4.9:::::::* cpe:2.3:a:apache:http_server:2.4.7:::::::* cpe:2.3:a:apache:http_server:2.4.6:::::::* cpe:2.3:a:apache:http_server:2.4.4:::::::* cpe:2.3:a:apache:http_server:2.4.3:::::::* cpe:2.3:a:apache:http_server:2.4.29:::::::* cpe:2.3:a:apache:http_server:2.4.28:::::::* cpe:2.3:a:apache:http_server:2.4.27:::::::* cpe:2.3:a:apache:http_server:2.4.26:::::::* cpe:2.3:a:apache:http_server:2.4.25:::::::* cpe:2.3:a:apache:http_server:2.4.23:::::::* cpe:2.3:a:apache:http_server:2.4.20:::::::* cpe:2.3:a:apache:http_server:2.4.2:::::::* cpe:2.3:a:apache:http_server:2.4.18:::::::* cpe:2.3:a:apache:http_server:2.4.17:::::::* cpe:2.3:a:apache:http_server:2.4.16:::::::* cpe:2.3:a:apache:http_server:2.4.12:::::::* cpe:2.3:a:apache:http_server:2.4.10:::::::* cpe:2.3:a:apache:http_server:2.4.1:::::::*	19
Application	Netapp Cloud Backup cpe:2.3:a:netapp:cloud_backup:-:::::::*	1
Application	Netapp Storagegrid cpe:2.3:a:netapp:storagegrid:-:::::::*	1
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::	5
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:o:debian:debian_linux:7.0:::::::*	3
Os	Netapp Clustered Data Ontap cpe:2.3:o:netapp:clustered_data_ontap:-:::::::*	1
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*	1
Os	Redhat Enterprise Linux Eus cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*	1
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*	1
Os	Redhat Enterprise Linux Server Aus cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*	1
Os	Redhat Enterprise Linux Server Tus cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*	1
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*	1

Nessus® Vulnerability Scanner

Date	Description
2019-01-03	Name : The remote Fedora host is missing a security update. File : fedora_2018-6744ca470d.nasl - Type : ACT_GATHER_INFO
2018-07-03	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1213.nasl - Type : ACT_GATHER_INFO
2018-05-31	Name : The remote Debian host is missing a security update. File : debian_DLA-1389.nasl - Type : ACT_GATHER_INFO
2018-05-29	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1151.nasl - Type : ACT_GATHER_INFO
2018-05-29	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1152.nasl - Type : ACT_GATHER_INFO
2018-05-14	Name : The remote Fedora host is missing a security update. File : fedora_2018-e6d9251471.nasl - Type : ACT_GATHER_INFO
2018-05-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1004.nasl - Type : ACT_GATHER_INFO
2018-04-06	Name : The remote Fedora host is missing a security update. File : fedora_2018-375e3244b6.nasl - Type : ACT_GATHER_INFO
2018-04-04	Name : The remote Debian host is missing a security-related update. File : debian_DSA-4164.nasl - Type : ACT_GATHER_INFO
2018-03-30	Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_4_30.nasl - Type : ACT_GATHER_INFO
2018-03-27	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f38187e72f6e11e88f07b499baebfeaf.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2020-03-19 13:18:43	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	36
Nessus® Exploit(s)	11

	Related
9.8	CVE-2018-1312
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

6.8 - RHSA-2019:1898

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU