CVE-2017-7668

httpd: ap_find_token() buffer overread

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

Los cambios en el análisis sintáctico estricto de HTTP añadidos en las versiones 2.2.32 y 2.4.24 de Apache httpd introdujeron un error en el análisis de listas de tokens. Esto permite que ap_find_token() busque más allá del final de la cadena de entrada. Un atacante puede conseguir causar un fallo de segmentación o forzar a que ap_find_token() devuelva un valor incorrecto mediante la manipulación de una secuencia de cabeceras de peticiones con fines maliciosos.

A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-04-11 CVE Reserved
2017-06-20 CVE Published
2024-02-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-122: Heap-based Buffer Overflow
CWE-125: Out-of-bounds Read
CWE-126: Buffer Over-read

CAPEC

References (37)

URL	Tag	Source
http://www.securityfocus.com/bid/99137	Third Party Advisory
http://www.securitytracker.com/id/1038711	Third Party Advisory
https://lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b%40%3Cdev.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://security.netapp.com/advisory/ntap-20180601-0002	Third Party Advisory
https://support.apple.com/HT208221	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us	Third Party Advisory
https://www.tenable.com/security/tns-2019-09	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	2023-11-07

URL	Date	SRC
http://www.debian.org/security/2017/dsa-3896	2023-11-07
https://access.redhat.com/errata/RHSA-2017:2479	2023-11-07
https://access.redhat.com/errata/RHSA-2017:2483	2023-11-07
https://access.redhat.com/errata/RHSA-2017:3193	2023-11-07
https://access.redhat.com/errata/RHSA-2017:3194	2023-11-07
https://security.gentoo.org/glsa/201710-32	2023-11-07
https://access.redhat.com/security/cve/CVE-2017-7668	2017-11-13
https://bugzilla.redhat.com/show_bug.cgi?id=1463205	2017-11-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.2.32 Search vendor "Apache" for product "Http Server" and version "2.2.32"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.4.24 Search vendor "Apache" for product "Http Server" and version "2.4.24"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.4.25 Search vendor "Apache" for product "Http Server" and version "2.4.25"		-		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				-		-		Affected
Netapp Search vendor "Netapp"		Oncommand Unified Manager Search vendor "Netapp" for product "Oncommand Unified Manager"				-		7-mode		Affected
Netapp Search vendor "Netapp"		Storagegrid Search vendor "Netapp" for product "Storagegrid"				-		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				7.2 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.2"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				7.3 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.3"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				7.4 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				7.5 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.5"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				7.7 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.7"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				7.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.2"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				7.3 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				7.7 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.7"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				7.2 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.2"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				7.3 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				7.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				7.7 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.7"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Oracle Search vendor "Oracle"		Secure Global Desktop Search vendor "Oracle" for product "Secure Global Desktop"				5.3 Search vendor "Oracle" for product "Secure Global Desktop" and version "5.3"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				< 10.13.1 Search vendor "Apple" for product "Mac Os X" and version " < 10.13.1"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				>= 10.11.0 < 10.11.6 Search vendor "Apple" for product "Mac Os X" and version " >= 10.11.0 < 10.11.6"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				>= 10.12.0 < 10.12.6 Search vendor "Apple" for product "Mac Os X" and version " >= 10.12.0 < 10.12.6"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				10.11.6 Search vendor "Apple" for product "Mac Os X" and version "10.11.6"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				10.11.6 Search vendor "Apple" for product "Mac Os X" and version "10.11.6"		security_update_2016-001		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				10.11.6 Search vendor "Apple" for product "Mac Os X" and version "10.11.6"		security_update_2016-002		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				10.11.6 Search vendor "Apple" for product "Mac Os X" and version "10.11.6"		security_update_2016-003		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				10.11.6 Search vendor "Apple" for product "Mac Os X" and version "10.11.6"		security_update_2017-001		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				10.11.6 Search vendor "Apple" for product "Mac Os X" and version "10.11.6"		security_update_2017-002		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				10.11.6 Search vendor "Apple" for product "Mac Os X" and version "10.11.6"		security_update_2017-003		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				10.12.6 Search vendor "Apple" for product "Mac Os X" and version "10.12.6"		-		Affected