#VU7119 Out-of-bounds read


Published: 2020-03-18 | Updated: 2021-02-01

Vulnerability identifier: #VU7119

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2017-7679

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Apache HTTP Server
Server applications / Web servers

Vendor: Apache Foundation

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to out-of-bounds read within the mod_mime when constructing Content-Type response header. A remote attacker read one byte pas the end of a buffer when sending a malicious Content-Type response header.

Mitigation
Update Apache HTTP server to version 2.2.34 or 2.4.26.

Vulnerable software versions

Apache HTTP Server: 2.2.0 - 2.4.25


CPE

External links
http://httpd.apache.org/security/vulnerabilities_22.html


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability