13 matches found
MiracleLinux 4 : httpd24-httpd-2.4.25-9.AXS4.1 (AXSA:2017-2175:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2175:02 advisory. It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related t...
CVE-2017-7668
A buffer over-read flaw was found in the httpd's ap_find_token function. A remote attacker could use this flaw to cause an httpd child process to crash via a specially crafted HTTP request...
Apache httpd ap_find_token Out of Bounds Read - Ver2 (CVE-2017-7668)
An out-of-bounds read vulnerability exists in Apache HTTP server. This vulnerability is due to improper token list parsing in the ap_find_token function. A remote, unauthenticated attacker could exploit the vulnerability by sending a maliciously crafted HTTP request to the affected server...
httpd: ap_find_token() buffer overread
A buffer over-read flaw was found in the httpd's ap_find_token function. A remote attacker could use this flaw to cause an httpd child process to crash via a specially crafted HTTP request...
The vulnerability of the ap_find_token function in the Apache HTTP Server allows a hacker to trigger a segmentation fault.
The vulnerability of the ap_find_token function in the Apache HTTP Server exists due to insufficient validation of input data during the analysis of the token list. Exploiting this vulnerability can allow a malicious actor to trigger a segmentation fault or cause the ap_find_token function to return ...
BSA-2017-364
Security Advisory ID : BSA-2017-364 Component : Apache HTTPD Revision : 2.0: Final The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token to search past the end of its input string. By maliciously crafting a sequence of...
Scientific Linux Security Update : httpd on SL7.x x86_64 (20170815)
Security Fixes : - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause htt...
httpd: ap_find_token() buffer overread
A buffer over-read flaw was found in the httpd's ap_find_token function. A remote attacker could use this flaw to cause an httpd child process to crash via a specially crafted HTTP request...
Apache httpd ap_find_token Out of Bounds Read (CVE-2017-7668)
An out-of-bounds read vulnerability exists in Apache HTTP server. This vulnerability is due to improper token list parsing in the ap_find_token function. A remote, unauthenticated attacker could exploit the vulnerability by sending a maliciously crafted HTTP request to the affected server...
ALPINE-CVE-2017-7668
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...
Apache httpd -- several vulnerabilities
The Apache httpd project reports: ap_get_basic_auth_pw Authentication Bypass CVE-2017-3167: Use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. mod_ssl Null Pointer Dereference CVE-2017-3169: mod_ssl may dereferen...
UBUNTU-CVE-2017-7668
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...
Apache Httpd < 2.4.26 : ap_find_token() Buffer Overread
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force...