The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

CPENameOperatorVersion
apache httpdeq2.4.25

CPE	Name	Operator	Version
	apache httpd	eq	2.4.25

ibm 22

f5 1

cve 1

httpd 1

checkpoint_advisories 2

redhatcve 1

prion 1

osv 3

openvas 14

alpinelinux 1

ubuntucve 1

hackerone 1

veracode 1

debiancve 1

oraclelinux 2

nessus 30

ubuntu 2

debian 3

redhat 4

fedora 3

slackware 1

archlinux 1

freebsd 1

symantec 1

centos 1

amazon 1

gentoo 1

mageia 1

apple 2

oracle 1

ibm

Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2017-7668)

2018-06-15 07:08:07

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM API Connect (CVE-2017-7668, CVE-2017-7679)

2018-06-15 07:08:46

Security Bulletin: A Security vulnerability has been identified in IBM HTTP Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud (CVE-2017-7679, CVE-2017-7668, CVE-2017-3167)

2018-06-15 07:07:54

K54624443 : Apache HTTPD vulnerability CVE-2017-7668

2017-07-14 00:00:00

cve

CVE-2017-7668

2017-06-20 01:29:00

httpd

Apache Httpd < 2.2.34 : ap_find_token() Buffer Overread

2017-05-06 00:00:00

checkpoint_advisories

Apache httpd ap_find_token Out of Bounds Read (CVE-2017-7668)

2017-07-31 00:00:00

Apache httpd ap_find_token Out of Bounds Read - Ver2 (CVE-2017-7668)

2018-07-03 00:00:00

redhatcve

CVE-2017-7668

2019-10-08 10:48:59

prion

Input validation

2017-06-20 01:29:00

osv

CVE-2017-7668

2017-06-20 01:29:00

apache2 - security update

2017-06-22 00:00:00

apache2 - security update

2017-07-02 00:00:00

openvas

Apache HTTP Server Denial-Of-Service Vulnerability June17 (Linux)

2017-06-21 00:00:00

Apache HTTP Server Denial-Of-Service Vulnerability June17 (Windows)

2017-06-21 00:00:00

Debian LTS: Security Advisory for apache2 (DLA-1009-1)

2018-02-05 00:00:00

alpinelinux

CVE-2017-7668

2017-06-20 01:29:00

ubuntucve

CVE-2017-7668

2017-06-19 00:00:00

hackerone

Internet Bug Bounty: ap_find_token() Buffer Overread

2017-06-20 08:36:29

veracode

Denial Of Service (DoS)

2019-05-02 06:45:16

debiancve

CVE-2017-7668

2017-06-20 01:29:00

oraclelinux

httpd security and bug fix update

2017-07-11 00:00:00

httpd security update

2017-08-15 00:00:00

nessus

IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.14 / 8.5.0.0 < 8.5.5.12 / 9.0.0.0 < 9.0.0.5 Multiple Vulnerabilities (563615)

2021-01-06 00:00:00

Ubuntu 14.04 LTS / 16.04 LTS : Apache HTTP Server vulnerabilities (USN-3340-1)

2017-06-27 00:00:00

Debian DLA-1009-1 : apache2 security update

2017-07-03 00:00:00

ubuntu

Apache HTTP Server vulnerabilities

2017-06-26 00:00:00

Apache HTTP Server vulnerabilities

2017-07-31 00:00:00

debian

[SECURITY] [DLA 1009-1] apache2 security update

2017-07-02 18:48:50

[SECURITY] [DSA 3896-1] apache2 security update

2017-06-22 19:41:41

[SECURITY] [DSA 3896-1] apache2 security update

2017-06-22 19:41:41

redhat

(RHSA-2017:2479) Important: httpd security update

2017-08-15 15:55:44

(RHSA-2017:3194) Important: httpd security update

2017-11-13 16:37:59

(RHSA-2017:3193) Important: httpd security update

2017-11-13 16:37:21

fedora

[SECURITY] Fedora 26 Update: httpd-2.4.26-1.fc26

2017-07-07 23:20:56

[SECURITY] Fedora 24 Update: httpd-2.4.26-1.fc24

2017-07-12 01:54:48

[SECURITY] Fedora 25 Update: httpd-2.4.27-2.fc25

2017-07-15 19:56:05

slackware

[slackware-security] httpd

2017-06-29 21:34:52

archlinux

[ASA-201706-34] apache: multiple issues

2017-06-28 00:00:00

freebsd

Apache httpd -- several vulnerabilities

2017-06-20 00:00:00

symantec

SA154: Apache httpd Vulnerabilities June 2017

2017-07-20 08:00:00

centos

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2017-08-24 09:43:51

amazon

Medium: httpd24

2017-08-03 18:53:00

gentoo

Apache: Multiple vulnerabilities

2017-10-29 00:00:00

mageia

Updated apache packages fix security vulnerability

2018-01-01 13:38:51

apple

About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan

2017-10-31 00:00:00

About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support

2019-04-03 09:42:09

oracle

Oracle Critical Patch Update - October 2017

2017-10-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.273 Low

EPSS

Percentile

96.7%

JSON

Related for HTTPD:F42C3F30D72C7F0EAB800B29D17B0701