Summary

Security Advisory ID : BSA-2017-500

Component : Apache HTTPD

Revision : 1.0: Final

It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. Affects version 2.4.x up to 2.4.23

Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Revision History

Version	Change	Date
1.0	Final	Jul 27, 2017