VYPR
High severity7.5NVD Advisory· Published Jul 27, 2017· Updated Jun 17, 2026

CVE-2016-0736

CVE-2016-0736

Description

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

26

Patches

Vulnerability mechanics

References

27

News mentions

0

No linked articles in our index yet.