Home

CVE-2017-15710

Description

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the users credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, en-US is truncated to en). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
7.22

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Apache 2.4.33Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.3Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0Windows
Apache HTTP server (USN-3425-1) apache2-bin_2.4.18-2ubuntu3.8_amd64.debLinux
Apache HTTP server (USN-3425-1) apache2-bin_2.4.18-2ubuntu3.8_i386.debLinux
Apache HTTP server (USN-3370-1) apache2-bin_2.4.18-2ubuntu3.8_amd64.debLinux
Apache HTTP server (USN-3370-1) apache2-bin_2.4.18-2ubuntu3.8_i386.debLinux
Apache HTTP server (USN-3627-1) apache2-bin_2.4.18-2ubuntu3.8_i386.debLinux
Apache HTTP server (USN-3627-1) apache2-bin_2.4.18-2ubuntu3.8_amd64.debLinux
Apache HTTP server (USN-3627-1) apache2-bin_2.4.7-1ubuntu4.20_i386.debLinux
Apache HTTP server (USN-3627-1) apache2-bin_2.4.7-1ubuntu4.20_amd64.debLinux
Apache HTTP server (USN-3627-2) apache2-bin_2.4.29-1ubuntu4.1_i386.debLinux
Apache HTTP server (USN-3627-2) apache2-bin_2.4.29-1ubuntu4.1_amd64.debLinux
apache2 security update(DSA-4164-1) apache2_2.4.25-3+deb9u4_i386.debLinux
apache2 security update(DSA-4164-1) apache2_2.4.25-3+deb9u4_amd64.debLinux
SUSE-SU-2018:1079-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-2.2.34-70.15.1.x86_64.rpmLinux
SUSE-SU-2018:1079-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-doc-2.2.34-70.15.1.x86_64.rpmLinux
SUSE-SU-2018:1079-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-example-pages-2.2.34-70.15.1.x86_64.rpmLinux
SUSE-SU-2018:1079-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-prefork-2.2.34-70.15.1.x86_64.rpmLinux
SUSE-SU-2018:1079-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-utils-2.2.34-70.15.1.x86_64.rpmLinux
SUSE-SU-2018:1079-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-worker-2.2.34-70.15.1.x86_64.rpmLinux
(RHSA-2020:1121) httpd security, bug fix, and enhancement update httpd-2.4.6-93.el7.x86_64.rpmLinux
(RHSA-2020:1121) httpd security, bug fix, and enhancement update httpd-devel-2.4.6-93.el7.x86_64.rpmLinux
(RHSA-2020:1121) httpd security, bug fix, and enhancement update httpd-manual-2.4.6-93.el7.noarch.rpmLinux
(RHSA-2020:1121) httpd security, bug fix, and enhancement update httpd-tools-2.4.6-93.el7.x86_64.rpmLinux
(RHSA-2020:1121) httpd security, bug fix, and enhancement update mod_ldap-2.4.6-93.el7.x86_64.rpmLinux
(RHSA-2020:1121) httpd security, bug fix, and enhancement update mod_proxy_html-2.4.6-93.el7.x86_64.rpmLinux
(RHSA-2020:1121) httpd security, bug fix, and enhancement update mod_session-2.4.6-93.el7.x86_64.rpmLinux
(RHSA-2020:1121) httpd security, bug fix, and enhancement update mod_ssl-2.4.6-93.el7.x86_64.rpmLinux
Out-of-bounds Write Vulnerability (CVE-2017-15710)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234