An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.
Find out more about CVE-2017-12613 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS3 Base Score | 7.4 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | None |
Availability Impact | High |
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux Extended Update Support 6.7 (apr) | RHSA-2018:1253 | 2018-04-26 |
Red Hat Enterprise Linux Advanced Update Support 6.6 (apr) | RHSA-2018:1253 | 2018-04-26 |
Red Hat Enterprise Linux Server TUS (v. 6.6) (apr) | RHSA-2018:1253 | 2018-04-26 |
Red Hat Enterprise Linux 7 (apr) | RHSA-2017:3270 | 2017-11-28 |
Red Hat JBoss Web Server 3.1 for RHEL 6 | RHSA-2018:0466 | 2018-03-07 |
Red Hat Enterprise Linux Advanced Update Support 6.4 (apr) | RHSA-2018:1253 | 2018-04-26 |
Red Hat JBoss Web Server 3.1 for RHEL 7 | RHSA-2018:0466 | 2018-03-07 |
Red Hat Software Collections for Red Hat Enterprise Linux 6 (httpd24-apr) | RHSA-2018:0316 | 2018-02-13 |
Red Hat Enterprise Linux Advanced Update Support 6.5 (apr) | RHSA-2018:1253 | 2018-04-26 |
Red Hat Enterprise Linux Extended Update Support 7.3 (apr) | RHSA-2018:1253 | 2018-04-26 |
Red Hat JBoss Web Server 3.1 | RHSA-2018:0465 | 2018-03-07 |
Red Hat JBoss Core Services 1 | RHSA-2017:3475 | 2017-12-15 |
Red Hat Enterprise Linux 6 (apr) | RHSA-2017:3270 | 2017-11-28 |
Red Hat Enterprise Linux Server TUS (v. 7.2) (apr) | RHSA-2018:1253 | 2018-04-26 |
Red Hat Enterprise Linux Server Update Services for SAP Solutions 7.2 (apr) | RHSA-2018:1253 | 2018-04-26 |
Red Hat JBoss Core Services on RHEL 6 Server | RHSA-2017:3477 | 2017-12-15 |
Red Hat JBoss Core Services on RHEL 7 Server | RHSA-2017:3476 | 2017-12-15 |
Red Hat Enterprise Linux Advanced Update Support 7.2 (apr) | RHSA-2018:1253 | 2018-04-26 |
Platform | Package | State |
---|---|---|
Red Hat JBoss Web Server 3.0 | apr | Will not fix |
Red Hat JBoss EAP 6 | httpd | Affected |
Red Hat Enterprise Linux 5 | apr | Will not fix |