Out-of-bounds read in Apache HTTP Server - CVE-2017-7668
Published: June 20, 2017 / Updated: July 14, 2017
Apache HTTP Server
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing token lists within the ap_find_token() function. A remote unauthenticated attacker can create a specially crafted sequence of HTTP headers and refer to data past the end of the search string.
Successful exploitation of this vulnerability results in a segmentation fault and a web server crash.