CVE-2017-7659

Published: 26/07/2017 | Updated: 20/02/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.

Affected Products

Vendor | Product | Versions
Apache | Http Server | 2.4.24, 2.4.25

Vendor Advisories

A NULL pointer dereference flaw was found in the mod_http2 module of httpd. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP/2 request ...
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167: Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169: Vasileios Panopoulos of AdNovum Informatik AG discovered ...
A NULL-pointer dereference leading to denial of service has been found in the mod_http2 component of Apache httpd < 2.4.26. A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process ...
Arch Linux Security Advisory ASA-201706-34. Severity: High; Date: 2017-06-28; CVE-ID: CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679; Package: apache; Type: multiple issues; Remote: Yes; Link: security.archlinux.org/AVG-316. Summary: The package a ...
ap_find_token() buffer overread: A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request (CVE-2017-7668). Apache HTTP Request Parsing Whitespace Defects: It was discovered that the HTTP parser in httpd incorrectly allo ...
Security Advisory ID: SYMSA1410 | Initial Publication Date: 20 Jul 2017 | Advisory Status: Open | Advisory Severity: High | CVSS Base Score: CVSS v2: 7.5 | Legacy ID: SA154 ...
Summary: A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process. Affected Products: Brocade is investigating its product lines to determine which products may be affected by this vulnerability and the impact on each affected product. Products Confirmed Not Vulnerable: Brocade Fabr ...
Oracle Solaris Third Party Bulletin - July 2017. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical P ...
About Apple security updates. For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see the Apple Product Security page. You can encrypt ...
Tenable.sc leverages third-party software to help provide underlying functionality. Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bun ...

Github Repositories

honggfuzz. Description: A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See USAGE for more data on the usage. It's multi-threaded and multi-process: no need to run multiple copies of your fuzzer, as honggfuzz can unlock potential of all your available CPU cores. The file corpus is shared between threads (and fuzzed i

honggfuzz. Description: A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See USAGE for the description of command-line options. It's multi-process and multi-threaded: no need to run multiple copies of your fuzzer, as honggfuzz can unlock potential of all your available CPU cores with a single supervising process. The
