Apache – CVE-2016-0736


Kayran has detected that the Version of Apache HTTP Server being used has a Cryptographic Issue (CWE-310).
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently, these deal with the use of encoding techniques, encryption libraries, and hashing algorithms.

Also known as CVE-2016-0736.

Attackers abuse the fact that mod_session_crypto is encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default) and there’s no selectable or builtin authenticated encryption.

This would allow attacker to initiate padding oracle attacks, specifically with CBC.


To fix CVE-2016-0736, upgrade the version of Apache HTTP Server being used to 2.4.25.




< Return to all Vulnerabilities

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 30,000+ vulnerabilities.Kayran’s mission is to make

Read More »