CVE-2017-7679

CWE-126 — Buffer Over-read CWE-119 — Buffer Overflow CWE-125 — Out-of-bounds Read12 documents10 sources

Severity

9.8CRITICAL

EPSS

30.1%

top 3.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Apache Software Foundation Apache Http Server

Timeline

PublishedJun 20

Latest updateMay 13

Description

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDapache/http_server2.2.0 — 2.2.33+1

▶Debianapache2< 2.4.25-4+3

▶CVEListV5apache_software_foundation/apache_http_server2.2.0 to 2.2.32, 2.4.0 to 2.4.25+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-v946-67fg-g8xg: In Apache httpd 2↗2022-05-13

▶

CVEList

CVE-2017-7679: In Apache httpd 2↗2017-06-20

▶

OSV

CVE-2017-7679: In Apache httpd 2↗2017-06-20

▶

📋Vendor Advisories

Apple

CVE-2017-7679: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan↗2017-10-31

▶

Ubuntu

Apache HTTP Server vulnerabilities↗2017-07-31

▶

Ubuntu

Apache HTTP Server vulnerabilities↗2017-06-26

▶

Red Hat

httpd: mod_mime buffer overread↗2017-06-20

▶

Debian

CVE-2017-7679: apache2 - In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read o...↗2017

▶

💬Community

Bugzilla

CVE-2017-7679 httpd: mod_mime buffer overread↗2017-06-20

▶

Bugzilla

CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 httpd: various flaws [fedora-all]↗2017-06-20

▶