CVE-2017-7668

Description

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault (denial of service), or to force ap_find_token() to return an incorrect value. Affected releases are 2.2.32 and 2.4.24 up to the fixed releases 2.2.34 and 2.4.26; see the Associated Vulnerability list below for vendor-specific fixes.
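The following C program is an added illustration written for this entry; it is not httpd's ap_find_token() and does not reproduce the httpd source. It models the defect class the description names: a token-list scanner whose "skip separators" loop trusts a character-class table and has no explicit NUL guard, so that once the stricter table classifies control characters (NUL included) as separators, a header value ending in a separator lets the scan step over the terminator into whatever memory follows. The classifier, the scanner, the stale bytes after the string and the name `overrun` are all constructed for this example. In the demo the bytes past the terminator are part of a larger buffer, so the program itself stays in bounds while still showing the wrong answer and the distance read past the string; on a real server those bytes may be unmapped, which is the segmentation fault the advisory describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Character-class stand-in (constructed; not httpd's TEST_CHAR table).
 * A "strict" classifier treats every control character, NUL included,
 * plus the HTTP separators as token stops. */
static int is_token_stop_strict(unsigned char c)
{
    if (c < 0x20 || c == 0x7f)              /* CTLs, including 0x00 */
        return 1;
    return strchr("()<>@,;:\\\"/[]?={} \t", c) != NULL;
}

static size_t past_end(const unsigned char *far, const unsigned char *end)
{
    return far > end ? (size_t)(far - end) : 0;
}

/* Vulnerable pattern: the skip loop relies on the table alone. When NUL is a
 * stop character, a value that ends in a separator makes the loop walk over
 * the terminator. *overrun receives the furthest offset past the terminating
 * NUL that was consulted. */
static int find_token_unchecked(const char *line, const char *tok, size_t *overrun)
{
    const unsigned char *s = (const unsigned char *)line;
    const unsigned char *end = s + strlen(line);    /* the terminating NUL */
    const unsigned char *far = s;
    size_t toklen = strlen(tok);

    for (;;) {
        while (is_token_stop_strict(*s))            /* no *s guard here */
            s++;
        if (s > far) far = s;
        if (!*s) {                                  /* never fires: NUL was skipped */
            *overrun = past_end(far, end);
            return 0;
        }
        const unsigned char *start = s;
        while (*s && !is_token_stop_strict(*s))
            s++;
        if (s > far) far = s;
        if ((size_t)(s - start) == toklen &&
            strncasecmp((const char *)start, tok, toklen) == 0) {
            *overrun = past_end(far, end);
            return 1;
        }
        if (!*s) {
            *overrun = past_end(far, end);
            return 0;
        }
    }
}

/* Hardened form: every advance is bounded by the terminator, so the scan
 * cannot leave the string no matter how the table classifies NUL. */
static int find_token_checked(const char *line, const char *tok)
{
    const unsigned char *s = (const unsigned char *)line;
    size_t toklen = strlen(tok);

    for (;;) {
        while (*s && is_token_stop_strict(*s))
            s++;
        if (!*s)
            return 0;
        const unsigned char *start = s;
        while (*s && !is_token_stop_strict(*s))
            s++;
        if ((size_t)(s - start) == toklen &&
            strncasecmp((const char *)start, tok, toklen) == 0)
            return 1;
        if (!*s)
            return 0;
    }
}

/* Constructed memory image: the header value "keep-alive," ends at its NUL,
 * but the bytes after it (stale data in this demo) spell "close". The trailing
 * comma is the trigger: it leaves the skip loop sitting on the NUL. */
static const unsigned char backing[] = "keep-alive,\0\x01\x02" "close";

/* Helpers exposing results as return values. */
size_t overrun_of(const char *line, const char *tok)
{
    size_t o = 0;
    (void)find_token_unchecked(line, tok, &o);
    return o;
}
int demo_unchecked_found(void) { size_t o; return find_token_unchecked((const char *)backing, "close", &o); }
int demo_checked_found(void)   { return find_token_checked((const char *)backing, "close"); }

int main(void)
{
    printf("unchecked: found=%d, read %zu bytes past the terminator\n",
           demo_unchecked_found(), overrun_of((const char *)backing, "close"));
    printf("checked:   found=%d\n", demo_checked_found());
    return 0;
}
```

The unchecked scanner reports that "close" is present in "keep-alive," after consulting eight bytes beyond the string's terminator, which is the "incorrect value" outcome; the checked scanner reports it absent and never reads past the NUL. On an ordinary value such as "gzip, deflate" both scanners agree and the unchecked one stays in bounds, which is why the defect only surfaces with crafted headers.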

Risk Information

Base Score
7.5
HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (exploitation probability)
64.408 %

Associated Vulnerability

Vulnerability | OS Platform
Update Apache to version 2.4.26 | Windows
Update Apache to version 2.2.34 | Windows
Vulnerability CVE-2017-7668 is fixed in Apache 2.4.26 | Windows
Vulnerability CVE-2017-7668 is fixed in Apache 2.2.34 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.14 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.45 | Windows
Vulnerabilities CVE-2017-3167, CVE-2017-7679, CVE-2017-7668 are fixed in IBM WebSphere 9.0.0.5 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.12 | Windows
Multiple vulnerabilities affect IBM Tivoli Monitoring 6.2.3 | Windows
Multiple vulnerabilities affect IBM Tivoli Monitoring 6.3.0 | Windows
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1 | Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1 | Mac
Apache HTTP server (USN-3340-1) apache2-bin_2.4.18-2ubuntu4.2_i386.deb | Linux
Apache HTTP server (USN-3340-1) apache2-bin_2.4.18-2ubuntu4.2_amd64.deb | Linux
Apache HTTP server (USN-3340-1) apache2-bin_2.4.7-1ubuntu4.16_i386.deb | Linux
apache2 security update (DSA-3896-1) apache2_2.4.10-10+deb8u9_kfreebsd-i386.deb | Linux
apache2 security update (DSA-3896-1) apache2_2.4.10-10+deb8u9_kfreebsd-amd64.deb | Linux
Update Apache to version 2.4.26 (for Linux) | Linux
Update Apache to version 2.2.34 (for Linux) | Linux
Out-of-bounds Read Vulnerability (CVE-2017-7668) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601312 | Security Update 2017-001 macOS High Sierra v10.13.1

References

https://nvd.nist.gov/vuln/detail/CVE-2017-7668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668