CVE-2017-7668

high

Apache

CVSS v3 Base Score

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

62.8%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

None

Integrity

None

Availability

High

Published: June 20, 2017 (3251 days ago)

Last Modified: May 13, 2026

Vendor: Apache

Source: NVD

Description

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

CWE

CWE-126

Affected Products

apache http servernetapp clustered data ontapnetapp oncommand unified managernetapp storagegridredhat enterprise linux desktopredhat enterprise linux eusredhat enterprise linux serverredhat enterprise linux server ausredhat enterprise linux server tusredhat enterprise linux workstation

References

🔗 www.debian.org 🔗 www.oracle.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 access.redhat.com

CVE-2017-7668

Vulnerability Report

Description

CWE

Affected Products

References