CVE-2017-7668

Published: 20/06/2017 Updated: 07/02/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

Affected Products

Vendor | Product | Versions
Apache | Http Server | 2.2.0, 2.2.2, 2.2.3, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.2.15, 2.2.16, 2.2.17, 2.2.18, 2.2.19, 2.2.20, 2.2.21, 2.2.22, 2.2.23, 2.2.24, 2.2.25, 2.2.26, 2.2.27, 2.2.29, 2.2.30, 2.2.31, 2.2.32, 2.4.1, 2.4.2, 2.4.10, 2.4.12, 2.4.16, 2.4.17, 2.4.18, 2.4.20, 2.4.23, 2.4.25

Vendor Advisories

Synopsis: Important: httpd security update. Type/Severity: Security Advisory: Important. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis: Important: httpd security update. Type/Severity: Security Advisory: Important. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Several security issues were fixed in Apache HTTP Server ...
A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request ...
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167: Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169: Vasileios Panopoulos of AdNovum Informatik AG discovered ...
An out-of-bounds read has been found in Apache httpd < 2.4.26. The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or ...
Security Advisory ID: SYMSA1410 | Initial Publication Date: 20 Jul 2017 | Advisory Status: Open | Advisory Severity: High | CVSS Base Score: CVSS v2: 7.5 | Legacy ID: SA154 ...
ap_find_token() buffer overread: A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request (CVE-2017-7668). Apache HTTP Request Parsing Whitespace Defects: It was discovered that the HTTP parser in httpd incorrectly allo ...
Arch Linux Security Advisory ASA-201706-34. Severity: High | Date: 2017-06-28 | CVE-ID: CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 | Package: apache | Type: multiple issues | Remote: Yes | Link: security.archlinux.org/AVG-316. Summary: The package a ...
Summary: The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token to return an ...
Oracle Solaris Third Party Bulletin - July 2017. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical P ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see the Apple Product Security page. You can encrypt ...
Oracle Critical Patch Update Advisory - October 2017. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ...
Oracle Linux Bulletin - July 2017. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...

Github Repositories

Awesome Vulnerability Research: A curated list of the awesome resources about the Vulnerability Research. First things first: There are no exploits in this project. Vulnerabilities != Exploits. A Vulnerability resides in the software itself, doing nothing on its own. If you are really curious about then you’ll find your own way to discover a flow, this list aimed to help

GyoiThon: Next generation penetration test tool. Japanese page is here. Presentation: January 25th, 2018: JANOG41; March 23th, 2018: Black Hat ASIA 2018 Arsenal; August 12th, 2018: DEFCON26 DemoLabs; October 24th, 2018: OWS in CSS2018; November 3rd, 2018: AV TOKYO 2018 HIVE; December 22-23th, 2018: SECCON YOROZU 2018; March 28th, 2019: Black Hat ASIA 2019 Arsenal. Documents: Installation, Usage, Ti

on-pwning: This repository contains my solutions to some CTF challenges and a list of interesting resources about pwning stuff. Write-Ups/PoCs: 365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools | googleprojectzero.blogspot.com • fuzzing; 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability | talosintelligence.com; A cache invalidation bug in Li

Recent Articles

SAP's Business Client can own entire apps, DDOS them into dust
The Register • Richard Chirgwin • 11 Apr 2018

And that's the worst of ten patches awaiting lucky, lucky SAP admins

SAP has issued its April security update, which brings a waiting world news of ten patch-worthy problems.
The nastiest has a CVSS rating of 9.8 and impacts SAP's Business Client, the desktop tool to access much of its wares.
Details of the problem are behind a registration wall, but according to ERP Scan, the vulnerability is a memory corruption bug that allows an attacker to inject crafted code into working memory. The outcome can be "complete control" over the application, denial...