#VU7119 Out-of-bounds read in Apache HTTP Server

Published: 2020-03-18 | Updated: 2021-02-01

Vulnerability identifier: #VU7119

Vulnerability risk: Medium


CVE-ID: CVE-2017-7679


Exploitation vector: Network

Exploit availability:

Vulnerable software:
Apache HTTP Server
Server applications / Web servers

Vendor: Apache Foundation


The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to an out-of-bounds read in mod_mime when constructing the Content-Type response header. A remote attacker can read one byte past the end of a buffer when sending a malicious Content-Type response header.

Update Apache HTTP Server to version 2.2.34 or 2.4.26.

Vulnerable software versions

Apache HTTP Server: 2.2.0 - 2.4.25
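
A way to triage an inventory against the version range and fixed releases stated above. This is an added example, not part of the original advisory; the function names and sample banner strings are constructed for illustration.

```python
import re

# Version bounds taken from the advisory text above.
VULN_MIN = (2, 2, 0)
VULN_MAX = (2, 4, 25)
FIXED_2_2 = (2, 2, 34)  # fixed release on the 2.2 branch

_VERSION_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from `httpd -v` output or a Server header."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown' for one banner."""
    v = parse_version(text)
    if v is None:
        return "unknown"      # version hidden or not an Apache banner
    if v < VULN_MIN:
        return "not-listed"   # older than the range the advisory covers
    if v > VULN_MAX:
        return "fixed"        # 2.4.26 and later
    if v[:2] == (2, 2) and v >= FIXED_2_2:
        return "fixed"        # 2.2.34 and later on the 2.2 branch
    return "affected"


def audit(banners):
    """Map each host to its classification; input is {host: banner}."""
    return {host: classify(banner) for host, banner in banners.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and banners are made up).
    sample = {
        "web01": "Server version: Apache/2.4.25 (Unix)",
        "web02": "Server: Apache/2.4.26 (Debian)",
        "web03": "Server: Apache/2.2.32",
        "web04": "Server: Apache",
    }
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Distribution packages often backport fixes without changing the upstream version number, so an "affected" result from a banner should be confirmed against the package changelog before it is treated as a finding.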
