The vulnerability of the ap_find_token function in the Apache HTTP Server allows a hacker to trigger a segmentation fault.

🗓️ 22 Sep 2017 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

ap_find_token flaw in Apache Server causes segmentation faults or incorrect results from crafted headers due to weak token list validation.

Reporter	Title	Published	Views	Family All 142
FreeBSD	Apache httpd -- several vulnerabilities	20 Jun 201700:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console	23 Sep 202101:45	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway	16 Jun 201822:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix	15 Jun 201807:08	–	ibm
IBM Security Bulletins	Security Bulletin: A Security vulnerability has been identified in IBM HTTP Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud (CVE-2017-7679, CVE-2017-7668, CVE-2017-3167)	15 Jun 201807:07	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in HTTPD affect IBM BladeCenter Advanced Management Module (AMM)	14 Apr 202314:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On	10 Jul 201816:24	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in apache2 affect IBM Flex System Manager (FSM)	18 Jun 201801:42	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2017-7668)	15 Jun 201807:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Network Manager IP Edition	17 Jun 201815:43	–	ibm

Vulners

Node

apache http_serverMatch2.2.32

OR

apache http_serverMatch2.4.24

OR

red_hat red_hat_enterprise_linuxMatch7

Source	Link
securityfocus	www.securityfocus.com/bid/99137
lists	www.lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b%3Cdev.httpd.apache.org%3E
access	www.access.redhat.com/security/cve/CVE-2017-7668
debian	www.debian.org/security/2017/dsa-3896
web	www.web.nvd.nist.gov/view/vuln/detail

25 Mar 2021 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 27.5

CVSS 39.8

EPSS0.64829

ap_find_token token list input validation segmentation fault crafted headers apache web server