CVE-2016-3110: mod_cluster Denial of Service vulnerability
(updated )
mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.
References
- bugzilla.redhat.com/show_bug.cgi?id=1326320
- github.com/advisories/GHSA-68qq-3phh-53j7
- github.com/modcluster/mod_cluster
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JMA2YLPK6SEUVF5Q3QEANHYEPRZA2RI
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CX5QNNIVAUB2VVDV6TR3YMFTL6VRKOBO
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HE5YZTBZRXCMQFT5LDLZG2HAYBKMYQLL
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JMA2YLPK6SEUVF5Q3QEANHYEPRZA2RI
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CX5QNNIVAUB2VVDV6TR3YMFTL6VRKOBO
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HE5YZTBZRXCMQFT5LDLZG2HAYBKMYQLL
- nvd.nist.gov/vuln/detail/CVE-2016-3110
- web.archive.org/web/20200227231527/http://www.securityfocus.com/bid/92584
Code Behaviors & Features
Detect and mitigate CVE-2016-3110 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →