vulnerability
IBM HTTP Server: CVE-2017-7668: Security Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | 2017-06-19 | 2018-06-22 | 2022-05-02 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
2017-06-19
Added
2018-06-22
Modified
2022-05-02
Description
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
Solution(s)
ibm-http_server-apply-fix-pack-8_0_0_14ibm-http_server-apply-fix-pack-8_5_5_12ibm-http_server-apply-fix-pack-9_0_0_5ibm-http_server-apply-interim-fix-pi82263-for-8_0ibm-http_server-apply-interim-fix-pi82263-for-8_5ibm-http_server-apply-interim-fix-pi82263-for-9_0
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.