CVE-2017-15710

Published: 26/03/2018 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 448
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism truncates it to a two-character value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out-of-bounds write of one NUL byte to a memory location that is not part of the string. In the worst case, which is quite unlikely, the process would crash, which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.
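The truncate-and-retry fallback described above, with the length check that keeps the NUL store inside the string, as an added illustration; this is not httpd's source. The table contents and the names `charset_table`, `table_find`, `fallback_write_in_bounds` and `lookup_charset` are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the charset conversion table (not httpd's data). */
struct charset_entry { const char *lang; const char *charset; };
static const struct charset_entry charset_table[] = {
    { "en", "ISO-8859-1" },
    { "ja", "Shift_JIS" },
    { "zh-TW", "Big5" },
};

/* Exact-match lookup; NULL when the language is not in the table. */
static const char *table_find(const char *lang)
{
    size_t i;
    for (i = 0; i < sizeof charset_table / sizeof charset_table[0]; i++)
        if (strcmp(charset_table[i].lang, lang) == 0)
            return charset_table[i].charset;
    return NULL;
}

/* An unguarded fallback stores a NUL at offset 2 whatever the length.
 * A string of length n owns offsets 0..n (terminator included), so the
 * store is in bounds only when n >= 2. Returns 1 in bounds, 0 otherwise. */
int fallback_write_in_bounds(const char *lang)
{
    return strlen(lang) >= 2;
}

/* Hardened lookup (hypothetical name): retry with a two-character prefix
 * built in a local buffer, and only when two characters actually exist. */
const char *lookup_charset(const char *accept_language)
{
    char prefix[3];
    const char *hit;
    if (accept_language == NULL)
        return NULL;
    if ((hit = table_find(accept_language)) != NULL)
        return hit;
    if (strlen(accept_language) < 2)
        return NULL;                 /* nothing to truncate: no retry */
    memcpy(prefix, accept_language, 2);
    prefix[2] = '\0';
    return table_find(prefix);
}

int main(void)
{
    /* Constructed inputs: the short value must never reach the fallback. */
    return (lookup_charset("e") == NULL && lookup_charset("en-US") != NULL) ? 0 : 1;
}
```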

Vulnerable Product

apache http server 2.4.1

apache http server 2.4.20

apache http server 2.4.6

apache http server 2.4.12

apache http server 2.4.3

apache http server 2.4.23

apache http server 2.4.4

apache http server 2.4.10

apache http server 2.4.7

apache http server 2.4.25

apache http server 2.4.26

apache http server 2.4.18

apache http server 2.4.2

apache http server 2.4.17

apache http server 2.4.16

apache http server 2.4.9

apache http server 2.4.27

apache http server 2.4.29

apache http server 2.4.28

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 9.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 17.10

canonical ubuntu linux 18.04

netapp santricity cloud connector -

netapp storage automation store -

netapp storagegrid -

netapp clustered data ontap -

redhat enterprise linux 7.4

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux 7.5

redhat enterprise linux 7.6

Vendor Advisories

Synopsis: Moderate: httpd security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for JBoss Core Services on RHEL 6 and RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has ...
Synopsis: Moderate: httpd24 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of ...
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710: Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an out of bound write if supplied with a crafted Accept-Language header. This could potentially be used for a Denial of Service attack ...
Several security issues were fixed in the Apache HTTP Server ...
Several security issues were fixed in Apache ...
Use-after-free on HTTP/2 stream shutdown: When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team ...
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to trunc ...
Tenable.sc leverages third-party software to help provide underlying functionality. Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bun ...

Github Repositories

Assessment, Analysis, and Hardening of a Vulnerable System

Red Team vs Blue Team Analysis. Assessment, Analysis, and Hardening of a Vulnerable System. Network Topology. Red Team Penetration Test. Network scan to discover target IP: netdiscover -r 192.168.1.0/24. Machine / IP: Hyper-V 192.168.1.1; Kali Linux (Attacker) 192.168.1.90; Capstone (Target) 192.168.1.105; ELK Server 192.168.1.100. Scanning for open ports: nmap 192.168.1.105

This project was designed to learn the Red and Blue Team sides of cybersecurity. While I did write a report on this project, the main focus was on the act of penetrating and detecting an attack.

Red-Team-vs-Blue-Team. NETWORK TOPOLOGY: Red Team Environment, Blue Team Environment. RED TEAM - Penetration Test. EXPLOITATION. Discover target IP: To discover the target ip: netdiscover -r <ip subnet>. IP / Machine: 192.168.1.1 Gateway IP, Hyper-V; 192.168.1.100 ELK server; 192.168.1.105 Capstone, target machine. S

Red Team vs. Blue Team scenario in which I played the role of both pentester and SOC analyst.

Red-vs-Blue-Project NETWORK TOPOLOGY RED TEAM - Penetration Test NMAP scan: Port State Service Port 22 Open SSH Port 80 Open HTTP Aggressive scan: An aggressive scan reveals a webserver directory structure on tcp port 80, which is a http port, and two potential usernames of employees – ashton and hannah (which will be more relevant for bruteforcing later):

Red-Team-vs-Blue-Team. NETWORK TOPOLOGY: Red Team Environment, Blue Team Environment. RED TEAM - Penetration Test. EXPLOITATION. Discover target IP: To discover the target ip: netdiscover -r 192.168.1.0/24. IP / Machine: 192.168.1.1 Gateway IP, Hyper-V; 192.168.1.100 ELK server; 192.168.1.105 Capstone, target machine. Service and

Attackers Vs Defenders. NETWORK TOPOLOGY: RED TEAM ENVIRONMENT, BLUE TEAM ENVIRONMENT. Red Team - Penetration Test. Identify the target IP: We need to run a network scan to locate the target IP address: netdiscover -r <IP subnet>. IP / Machine: 192.168.1.1 Gateway IP, Hyper-V; 192.168.1.100 ELK Server; 192.168.1.105

Slackbot to automate ad-hoc scanning and reporting in InsightVM.

InsightVM Slack Bot InsightVM_slackbot Slackbot to automate ad-hoc scanning and reporting in insightvm In Slack, simply send a message like @insightvm_bot scan 1921811 and see the bot schedule the scan, run it, and report back the results You can also just set up a direct chat with the bot if you don't want to spam your channel Use the same syntax to schedule a s

Red-vs-Blue-team-project. Red Team Environment, Blue Team Environment. RED TEAM - Penetration Test. EXPLOITATION. Discover target IP: To discover the target ip: netdiscover -r. IP / Machine: 192.168.1.1 Gateway IP, Hyper-V; 192.168.1.100 ELK server; 192.168.1.105 Capstone, target machine. Service and version scan: nmap -sV -v 192.168.1.105. Port / Service / Version: Port 22 SSH OpenSSH 7.6p

Red-Team-vs-Blue-Team-Project a Red Team vs Blue Team scenario in which you will play the role of both pentester and SOC analyst As the Red Team, you will attack a vulnerable VM within your environment, ultimately gaining root access to the machine As Blue Team, you will use Kibana to review logs taken You'll use the logs to extract hard data and visualizations for the

References

CWE-787
https://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2018/03/24/8
http://www.securitytracker.com/id/1040569
http://www.securityfocus.com/bid/103512
https://www.debian.org/security/2018/dsa-4164
https://usn.ubuntu.com/3627-1/
https://usn.ubuntu.com/3627-2/
https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html
https://security.netapp.com/advisory/ntap-20180601-0004/
https://access.redhat.com/errata/RHSA-2018:3558
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us
https://access.redhat.com/errata/RHSA-2019:0367
https://access.redhat.com/errata/RHSA-2019:0366
https://usn.ubuntu.com/3937-2/
https://www.tenable.com/security/tns-2019-09
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://nvd.nist.gov
https://access.redhat.com/errata/RHSA-2020:1121
https://www.debian.org/security/./dsa-4164