CVE-2017-7668: ap_find_token buffer overread Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.2.32 httpd 2.4.24 (unreleased) httpd 2.4.25 Description: The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. Mitigation: 2.2.32 users should either apply the patch available at https://www.apache.org/dist/httpd/patches/apply_to_2.2.32/CVE-2017-7668.patch or upgrade in the future to 2.2.33, which is currently unreleased. 2.4.25 users should upgrade to 2.4.26. Credit: The Apache HTTP Server security team would like to thank Javier Jiménez (javijmor@xxxxxxxxx) for reporting this issue. References: https://httpd.apache.org/security_report.html --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|