Multiple vulnerabilities in Apache HTTP server
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-9788 CVE-2017-7679 |
| CWE-ID | CWE-592 CWE-125 CWE-200 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #5 is available. |
| Vulnerable software Subscribe |
Apache HTTP Server Server applications / Web servers |
| Vendor | Apache Foundation |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Authentication bypass
EUVDB-ID: #VU7115
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3167
CWE-ID:
CWE-592 - Authentication Bypass Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to usage of the ap_get_basic_auth_pw() function by third-party modules outside of the authentication phase. A remote attacker can create a specially crafted HTTP request to vulnerable web server, bypass authentication requirements and gain unauthorized access to otherwise protected information.
MitigationUpdate Apache HTTP server to version 2.2.34 or 2.4.26.
Vulnerable software versionsApache HTTP Server: 2.2.0 - 2.4.25
External linkshttp://httpd.apache.org/security/vulnerabilities_22.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU7116
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-3169
CWE-ID:
CWE-592 - Authentication Bypass Issues
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform denial of service attack.
The vulnerability exists due to a NULL pointer dereference error within mod_ssl module, when third-party modules call ap_hook_process_connection() function during an HTTP request to an HTTPS port. A remote attacker can send a specially crafted HTTP request and crash the affected web server.
MitigationUpdate Apache HTTP server to version 2.2.34 or 2.4.26.
Vulnerable software versionsApache HTTP Server: 2.2.0 - 2.4.25
External linkshttp://httpd.apache.org/security/vulnerabilities_22.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Out-of-bound read
EUVDB-ID: #VU7117
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7668
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing token lists within ap_find_token() function. A remote unauthenticated attacker can create a specially crafted sequence of HTTP headers and refer to data past the end of the search string.
Successful exploitation of this vulnerability results segmentation fault and web server crash.
MitigationUpdate to version 2.2.34 or 2.4.26.
Vulnerable software versionsApache HTTP Server: 2.2.32 - 2.4.25
External linkshttp://httpd.apache.org/security/vulnerabilities_22.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU7517
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9788
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the targeted system.
The weakness exists due to improper initialization of the value placeholder in [Proxy-]Authorization headers of type 'Digest' before or between successive key=value assignments by mod_auth_digest. A remote attacker can provide an initial key with no '=' assignment to cause the stale value of uninitialized pool memory used by the prior request to leak.
Successful exploitation of the vulnerability results in information disclosure.
MitigationUpdate Apache HTTP server to version 2.2.34 or 2.4.26.
Vulnerable software versionsApache HTTP Server: 2.2.0 - 2.4.25
External linkshttp://httpd.apache.org/security/vulnerabilities_22.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU7119
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-7679
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to out-of-bounds read within the mod_mime when constructing Content-Type response header. A remote attacker read one byte pas the end of a buffer when sending a malicious Content-Type response header.
Mitigation
Update Apache HTTP server to version 2.2.34 or 2.4.26.
Vulnerable software versionsApache HTTP Server: 2.2.0 - 2.4.25
External linkshttp://httpd.apache.org/security/vulnerabilities_22.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
