CVE-2017-7668

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

References

https://lists.apache.org/thread.html/[email protected]%3Cdev.httpd.apache.org%3E

http://www.securityfocus.com/bid/99137

http://www.securitytracker.com/id/1038711

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

https://security.gentoo.org/glsa/201710-32

http://www.debian.org/security/2017/dsa-3896

https://support.apple.com/HT208221

https://access.redhat.com/errata/RHSA-2017:3194

https://access.redhat.com/errata/RHSA-2017:3193

https://access.redhat.com/errata/RHSA-2017:2483

https://access.redhat.com/errata/RHSA-2017:2479

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us

https://security.netapp.com/advisory/ntap-20180601-0002/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://www.tenable.com/security/tns-2019-09

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2017-06-20

Updated: 2021-06-06

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
144778IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.14 / 8.5.0.0 < 8.5.5.12 / 9.0.0.0 < 9.0.0.5 Multiple Vulnerabilities (563615)NessusWeb Servers
critical
127360NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)NessusNewStart CGSL Local Security Checks
critical
124922EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)NessusHuawei Local Security Checks
critical
124892EulerOS Virtualization for ARM 64 3.0.1.0 : httpd (EulerOS-SA-2019-1389)NessusHuawei Local Security Checks
critical
700511macOS < 10.13 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
98911Apache 2.4.x < 2.4.26 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
108520Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)NessusJunos Local Security Checks
critical
104540RHEL 7 : httpd (RHSA-2017:3194) (Optionsbleed)NessusRed Hat Local Security Checks
critical
104539RHEL 7 : httpd (RHSA-2017:3193) (Optionsbleed)NessusRed Hat Local Security Checks
critical
104379macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)NessusMacOS X Local Security Checks
critical
104270SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)NessusSuSE Local Security Checks
critical
104233GLSA-201710-32 : Apache: Multiple vulnerabilities (Optionsbleed)NessusGentoo Local Security Checks
critical
103673FireEye Operating System Multiple Vulnerabilities (AX < 7.7.7 / EX < 8.0.1)NessusFirewalls
critical
103598macOS < 10.13 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
103016EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1178)NessusHuawei Local Security Checks
critical
103015EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1177)NessusHuawei Local Security Checks
critical
102767CentOS 7 : httpd (CESA-2017:2479)NessusCentOS Local Security Checks
critical
102668Scientific Linux Security Update : httpd on SL7.x x86_64 (20170815)NessusScientific Linux Local Security Checks
critical
102519RHEL 7 : httpd (RHSA-2017:2479)NessusRed Hat Local Security Checks
critical
102515Oracle Linux 7 : httpd (ELSA-2017-2479)NessusOracle Linux Local Security Checks
critical
102178Amazon Linux AMI : httpd24 (ALAS-2017-863)NessusAmazon Linux Local Security Checks
critical
101787Apache 2.2.x < 2.2.34 Multiple VulnerabilitiesNessusWeb Servers
critical
101778Fedora 25 : httpd (2017-9ded7c5670)NessusFedora Local Security Checks
critical
101670Fedora 26 : httpd (2017-81976b6a91)NessusFedora Local Security Checks
critical
101511Fedora 24 : httpd (2017-cf9599a306)NessusFedora Local Security Checks
critical
101175Debian DLA-1009-1 : apache2 security updateNessusDebian Local Security Checks
critical
101117Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-180-03)NessusSlackware Local Security Checks
critical
101062Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : apache2 vulnerabilities (USN-3340-1)NessusUbuntu Local Security Checks
critical
101013Debian DSA-3896-1 : apache2 - security updateNessusDebian Local Security Checks
critical
100995Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple VulnerabilitiesNessusWeb Servers
critical
100881FreeBSD : Apache httpd -- several vulnerabilities (0c2db2aa-5584-11e7-9a7d-b499baebfeaf)NessusFreeBSD Local Security Checks
critical