MiracleLinux 4 : httpd24-httpd-2.4.25-9.AXS4.1 (AXSA:2017-2175:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2175:02 advisory. It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related t...

CVE-2017-7668

A buffer over-read flaw was found in the httpd's apfindtoken function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request...

Apache httpd ap_find_token Out of Bounds Read - Ver2 (CVE-2017-7668)

An out-of-bounds read vulnerability exists in Apache HTTP server. This vulnerability is due to improper token list parsing in the apfindtoken function. A remote, unauthenticated attacker could exploit the vulnerability by sending maliciously crafted HTTP request to the affected server...

httpd: ap_find_token() buffer overread

A buffer over-read flaw was found in the httpd's apfindtoken function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request...

BSA-2017-364

Security Advisory ID : BSA-2017-364 Component : Apache HTTPD Revision : 2.0: Final The HTTP strict parsing changes added in Apachehttpd2.2.32 and 2.4.24 introduced a bug in token list parsing, which allowsapfindtokento search past the end of its input string. By maliciously crafting a sequence of...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20170815)

Security Fixes : - It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause htt...

httpd: ap_find_token() buffer overread

A buffer over-read flaw was found in the httpd's apfindtoken function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request...

Apache httpd ap_find_token Out of Bounds Read (CVE-2017-7668)

An out-of-bounds read vulnerability exists in Apache HTTP server. This vulnerability is due to improper token list parsing in the apfindtoken function. A remote, unauthenticated attacker could exploit the vulnerability by sending maliciously crafted HTTP request to the affected server...

ALPINE-CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...

Apache httpd -- several vulnerabilities

The Apache httpd project reports: apgetbasicauthpw Authentication Bypass CVE-2017-3167: Use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. modssl Null Pointer Dereference CVE-2017-3169:modssl may dereferen...

UBUNTU-CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...

Apache Httpd < 2.4.26 : ap_find_token() Buffer Overread

The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force...