Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-7668

Опубликовано: 20 июн. 2017
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 5
CVSS3: 7.5

Описание

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

РелизСтатусПримечание
devel

released

2.4.27-2ubuntu2
esm-infra-legacy/trusty

released

2.4.7-1ubuntu4.16
esm-infra/xenial

released

2.4.18-2ubuntu3.3
precise/esm

not-affected

2.2.22-1ubuntu1.12
trusty

released

2.4.7-1ubuntu4.16
trusty/esm

released

2.4.7-1ubuntu4.16
upstream

pending

2.2.33, 2.4.26
vivid/ubuntu-core

DNE

xenial

released

2.4.18-2ubuntu3.3
yakkety

released

2.4.18-2ubuntu4.2

Показывать по

Ссылки на источники

EPSS

Процентиль: 99%
0.6942
Средний

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-7668

CVSS3: 6.5
redhat
больше 8 лет назад

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

nvd логотип

CVE-2017-7668

CVSS3: 7.5
nvd
больше 8 лет назад

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

debian логотип

CVE-2017-7668

CVSS3: 7.5
debian
больше 8 лет назад

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.2 ...

github логотип

GHSA-mcc7-rcr3-2rgr

CVSS3: 7.5
github
больше 3 лет назад

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

fstec логотип

BDU:2017-02150

CVSS3: 9.8
fstec
больше 8 лет назад

Уязвимость функции ap_find_token веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать ошибку сегментации

EPSS

Процентиль: 99%
0.6942
Средний

5 Medium

CVSS2

7.5 High

CVSS3