Lucene search

K
cveApacheCVE-2017-12613
HistoryOct 24, 2017 - 1:29 a.m.

CVE-2017-12613

2017-10-2401:29:02
CWE-125
apache
web.nvd.nist.gov
383
3
cve
2017
12613
apache portable runtime
memory access vulnerability
information disclosure
denial of service

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

27.2%

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.

Affected configurations

Nvd
Vulners
Node
apacheportable_runtimeRange<1.7.0
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch9.0
Node
redhatjboss_core_servicesMatch-
OR
redhatjboss_core_servicesMatch1.0
OR
redhatjboss_enterprise_web_serverMatch3.0.0
OR
redhatsoftware_collectionsMatch1.0
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_eusMatch6.7
OR
redhatenterprise_linux_eusMatch7.3
OR
redhatenterprise_linux_eusMatch7.4
OR
redhatenterprise_linux_eusMatch7.5
OR
redhatenterprise_linux_eusMatch7.6
OR
redhatenterprise_linux_eusMatch7.7
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch6.4
OR
redhatenterprise_linux_server_ausMatch6.5
OR
redhatenterprise_linux_server_ausMatch6.6
OR
redhatenterprise_linux_server_ausMatch7.2
OR
redhatenterprise_linux_server_ausMatch7.3
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_ausMatch7.6
OR
redhatenterprise_linux_server_ausMatch7.7
OR
redhatenterprise_linux_server_tusMatch6.6
OR
redhatenterprise_linux_server_tusMatch7.2
OR
redhatenterprise_linux_server_tusMatch7.3
OR
redhatenterprise_linux_server_tusMatch7.4
OR
redhatenterprise_linux_server_tusMatch7.6
OR
redhatenterprise_linux_server_tusMatch7.7
OR
redhatenterprise_linux_workstationMatch6.0
OR
redhatenterprise_linux_workstationMatch7.0
VendorProductVersionCPE
apacheportable_runtime*cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
redhatjboss_core_services-cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
redhatjboss_core_services1.0cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*
redhatjboss_enterprise_web_server3.0.0cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*
redhatsoftware_collections1.0cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus6.7cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
Rows per page:
1-10 of 331

CNA Affected

[
  {
    "product": "Apache Portable Runtime",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "1.6.2 and prior"
      }
    ]
  }
]

References

Social References

More

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

27.2%