CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force apfindtoken() to return an incorrect value.

Database specific

{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "5.3"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:secure_global_desktop:5.3:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "fixed": "10.13.1"
                },
                {
                    "introduced": "10.11.0"
                },
                {
                    "fixed": "10.11.6"
                },
                {
                    "introduced": "10.12.0"
                },
                {
                    "fixed": "10.12.6"
                }
            ],
            "cpe": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "10.11.6-NA"
                }
            ],
            "cpe": "cpe:2.3:o:apple:mac_os_x:10.11.6:-:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "10.11.6-security_update_2016\\-001"
                }
            ],
            "cpe": "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-001:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "10.11.6-security_update_2016\\-002"
                }
            ],
            "cpe": "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-002:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "10.11.6-security_update_2016\\-003"
                }
            ],
            "cpe": "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-003:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "10.11.6-security_update_2017\\-001"
                }
            ],
            "cpe": "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-001:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "10.11.6-security_update_2017\\-002"
                }
            ],
            "cpe": "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-002:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "10.11.6-security_update_2017\\-003"
                }
            ],
            "cpe": "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-003:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "10.12.6-NA"
                }
            ],
            "cpe": "cpe:2.3:o:apple:mac_os_x:10.12.6:-:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.2"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.3"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.4"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.5"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.6"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.7"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.2"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.3"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.4"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.6"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.7"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.2"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.3"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.4"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.6"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.7"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        }
    ]
}

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type

GIT

Repo

https://github.com/apache/httpd

Events

Introduced

Last affected

9b121e157581e2e40983cdf89727e8f424544f99

Last affected

68efa7025a071be93c7e755839529ac6bd984d56

Last affected

954dfbe8a95dac3b93e12761f65754104f1696ea

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.32"
        },
        {
            "last_affected": "2.4.24"
        },
        {
            "last_affected": "2.4.25"
        }
    ],
    "cpe": [
        "cpe:2.3:a:apache:http_server:2.2.32:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD"
}

Affected versions

2.*

2.2.32

2.4.24

2.4.25

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7668.json"