CVE-2016-0736
Description
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apache HTTP Server mod_session_crypto uses CBC/ECB modes without authenticated encryption, enabling padding oracle attacks on session cookies.
Vulnerability
In Apache HTTP Server versions 2.4.0 through 2.4.23, the mod_session_crypto module encrypts session data and cookies using the configured ciphers with either CBC or ECB modes of operation (AES256-CBC by default). No selectable or built-in authenticated encryption is provided, making the implementation vulnerable to padding oracle attacks [1][2].
Exploitation
An attacker with network access to observe encrypted session cookies can perform a padding oracle attack by sending modified ciphertexts to the server and observing the server's response (e.g., error messages or timing differences). This allows the attacker to decrypt the session data byte by byte without knowing the encryption key [2].
Impact
Successful exploitation leads to disclosure of the plaintext session data, which may contain sensitive information such as authentication tokens or user attributes. The attacker can then potentially forge valid session cookies, leading to session hijacking and unauthorized access [1][2].
Mitigation
Upgrade to Apache HTTP Server 2.4.26 or later, which includes a fix that adds authenticated encryption support [2]. Red Hat Enterprise Linux users can apply the updated httpd packages provided in RHSA-2017:0906 and RHSA-2017:1161 [1][4]. Apple macOS users received the fix in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan [3].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
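As an added exposure check (not code from the page or from the Apache project), the following Python script applies the version range stated above to an `httpd -v` banner and flags the host only when mod_session_crypto is actually in use. The directive names `LoadModule session_crypto_module` and `SessionCryptoPassphrase`/`SessionCryptoPassphraseFile` are assumed from the module's documented configuration, and the banner and config are constructed samples.

```python
import re

# Version bounds taken from the advisory text on this page (inclusive).
AFFECTED_MIN = (2, 4, 0)
AFFECTED_MAX = (2, 4, 23)
# Directive names assumed from mod_session_crypto's documented configuration,
# not taken from this page.
LOAD_RE = re.compile(r"^LoadModule\s+session_crypto_module\b", re.I)
PASS_RE = re.compile(r"^SessionCryptoPassphrase(File)?\b", re.I)

def parse_httpd_version(banner):
    """Return (major, minor, patch) from 'httpd -v' output, e.g.
    'Server version: Apache/2.4.23 (Unix)'."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Apache/x.y.z version string in banner")
    return tuple(int(x) for x in m.groups())

def session_crypto_enabled(config_lines):
    """True only if the module is loaded AND a passphrase is configured;
    lines Apache treats as comments (leading '#') are ignored."""
    loaded = configured = False
    for raw in config_lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        loaded |= bool(LOAD_RE.match(line))
        configured |= bool(PASS_RE.match(line))
    return loaded and configured

def assess(banner, config_lines):
    """Classify exposure to CVE-2016-0736 from a version banner and config text."""
    version = parse_httpd_version(banner)
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    in_use = session_crypto_enabled(config_lines)
    return {
        "version": ".".join(map(str, version)),
        "version_affected": in_range,
        "session_crypto_in_use": in_use,
        "exposed": in_range and in_use,
    }

# Constructed sample input (not captured from a real host).
SAMPLE_BANNER = "Server version: Apache/2.4.23 (Unix)"
SAMPLE_CONFIG = """\
LoadModule session_crypto_module modules/mod_session_crypto.so
#SessionCryptoPassphrase commented-out-example
SessionCryptoPassphrase secret-passphrase-placeholder
""".splitlines()
```

Distribution backports (the SUSE ranges listed under Affected products) carry their own version strings, so treat the upstream range as a first pass and confirm against the vendor advisory for patched packages.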
Affected products
- osv-coords (7 versions), pkg:rpm/suse/apache2, distro:
  - SUSE Linux Enterprise Server 12 SP1 (no CPE), range: < 2.4.16-19.1
  - SUSE Linux Enterprise Server 12 SP2 (no CPE), range: < 2.4.23-21.1
  - SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 (no CPE), range: < 2.4.23-21.1
  - SUSE Linux Enterprise Server for SAP Applications 12 SP1 (no CPE), range: < 2.4.16-19.1
  - SUSE Linux Enterprise Server for SAP Applications 12 SP2 (no CPE), range: < 2.4.23-21.1
  - SUSE Linux Enterprise Software Development Kit 12 SP1 (no CPE), range: < 2.4.16-19.1
  - SUSE Linux Enterprise Software Development Kit 12 SP2 (no CPE), range: < 2.4.23-21.1
- Apache Software Foundation / Apache HTTP Server (v5), range: 2.4.0 to 2.4.23
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- www.securityfocus.com/bid/95078 [nvd: Third Party Advisory, VDB Entry]
- www.securitytracker.com/id/1037508 [nvd: Third Party Advisory, VDB Entry]
- h20566.www2.hpe.com/hpsc/doc/public/display [nvd: Third Party Advisory]
- httpd.apache.org/security/vulnerabilities_24.html [nvd: Vendor Advisory]
- security.gentoo.org/glsa/201701-36 [nvd: Third Party Advisory]
- rhn.redhat.com/errata/RHSA-2017-1415.html [nvd]
- www.debian.org/security/2017/dsa-3796 [nvd]
- access.redhat.com/errata/RHSA-2017:0906 [nvd]
- access.redhat.com/errata/RHSA-2017:1161 [nvd]
- access.redhat.com/errata/RHSA-2017:1413 [nvd]
- access.redhat.com/errata/RHSA-2017:1414 [nvd]
- lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E [nvd]
- lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E [nvd]
- lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E [nvd]
- lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E [nvd]
- lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E [nvd]
- lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E [nvd]
- lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E [nvd]
- lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E [nvd]
- lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E [nvd]
- lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E [nvd]
- lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E [nvd]
- lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E [nvd]
- security.netapp.com/advisory/ntap-20180423-0001/ [nvd]
- support.apple.com/HT208221 [nvd]
- www.exploit-db.com/exploits/40961/ [nvd]
- www.tenable.com/security/tns-2017-04 [nvd]
News mentions
No linked articles in our index yet.