Details of VAR-201706-1000

ID

VAR-201706-1000

CVE

CVE-2017-7679

TITLE

Apache httpd Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-005026

DESCRIPTION

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. Apache httpd Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ========================================================================== Ubuntu Security Notice USN-3373-1 July 31, 2017 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Apache HTTP Server. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167) Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169) Javier JimA(c)nez discovered that the Apache HTTP Server incorrectly handled parsing certain requests. (CVE-2017-7679) David Dennerline and RA(c)gis Leroy discovered that the Apache HTTP Server incorrectly handled unusual whitespace when parsing requests, contrary to specifications. This update may introduce compatibility issues with clients that do not strictly follow HTTP protocol specifications. A new configuration option "HttpProtocolOptions Unsafe" can be used to revert to the previous unsafe behaviour in problematic environments. (CVE-2016-8743) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: A apache2.2-binA A A A A A A A A A A A A A A A A A A 2.2.22-1ubuntu1.12 In general, a standard system update will make all the necessary changes. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. JIRA issues fixed (https://issues.jboss.org/): JBCS-403 - Errata for httpd 2.4.23.SP3 RHEL6 7. (CVE-2017-7679) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. (CVE-2017-9798) Red Hat would like to thank Hanno BAPck for reporting CVE-2017-9798. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: httpd security update Advisory ID: RHSA-2017:2478-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2478 Issue date: 2017-08-15 CVE Names: CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 CVE-2017-9788 ===================================================================== 1. Summary: An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass 1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference 1463207 - CVE-2017-7679 httpd: mod_mime buffer overread 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: httpd-2.2.15-60.el6_9.5.src.rpm i386: httpd-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-tools-2.2.15-60.el6_9.5.i686.rpm x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm mod_ssl-2.2.15-60.el6_9.5.i686.rpm noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm x86_64: httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: httpd-2.2.15-60.el6_9.5.src.rpm x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm x86_64: httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: httpd-2.2.15-60.el6_9.5.src.rpm i386: httpd-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-tools-2.2.15-60.el6_9.5.i686.rpm mod_ssl-2.2.15-60.el6_9.5.i686.rpm noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm ppc64: httpd-2.2.15-60.el6_9.5.ppc64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.ppc.rpm httpd-debuginfo-2.2.15-60.el6_9.5.ppc64.rpm httpd-devel-2.2.15-60.el6_9.5.ppc.rpm httpd-devel-2.2.15-60.el6_9.5.ppc64.rpm httpd-tools-2.2.15-60.el6_9.5.ppc64.rpm mod_ssl-2.2.15-60.el6_9.5.ppc64.rpm s390x: httpd-2.2.15-60.el6_9.5.s390x.rpm httpd-debuginfo-2.2.15-60.el6_9.5.s390.rpm httpd-debuginfo-2.2.15-60.el6_9.5.s390x.rpm httpd-devel-2.2.15-60.el6_9.5.s390.rpm httpd-devel-2.2.15-60.el6_9.5.s390x.rpm httpd-tools-2.2.15-60.el6_9.5.s390x.rpm mod_ssl-2.2.15-60.el6_9.5.s390x.rpm x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: httpd-2.2.15-60.el6_9.5.src.rpm i386: httpd-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-tools-2.2.15-60.el6_9.5.i686.rpm mod_ssl-2.2.15-60.el6_9.5.i686.rpm noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-3167 https://access.redhat.com/security/cve/CVE-2017-3169 https://access.redhat.com/security/cve/CVE-2017-7679 https://access.redhat.com/security/cve/CVE-2017-9788 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZkzq3XlSAg2UNWIIRAjxIAJ9JoJcSMguc2VTpgJl2P5BGoM2IrACfXd/8 Jxb2g1bdehw6Jjq0qF13AEM= =ZvYI -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files)

Trust: 2.34

sources: NVD: CVE-2017-7679 // JVNDB: JVNDB-2017-005026 // VULMON: CVE-2017-7679 // PACKETSTORM: 143146 // PACKETSTORM: 143561 // PACKETSTORM: 145457 // PACKETSTORM: 144960 // PACKETSTORM: 143766 // PACKETSTORM: 145455 // PACKETSTORM: 144968

AFFECTED PRODUCTS

vendor:	apache	model:	http server	scope:	lt	version:	2.4.26	Trust: 1.0
vendor:	apache	model:	http server	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	apache	model:	http server	scope:	lt	version:	2.2.33	Trust: 1.0
vendor:	apache	model:	http server	scope:	gte	version:	2.2.0	Trust: 1.0
vendor:	hitachi	model:	jp1/automatic job management system 3	scope:	eq	version:	- manager web console	Trust: 0.8
vendor:	hitachi	model:	jp1/integrated management	scope:	eq	version:	- service support starter edition	Trust: 0.8
vendor:	hitachi	model:	jp1/it desktop management	scope:	eq	version:	2 - operations director	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	(64)	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	express	Trust: 0.8
vendor:	hitachi	model:	tuning manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/integrated management	scope:	eq	version:	- service support	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	professional for plug-in	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	eq	version:	- messaging	Trust: 0.8
vendor:	hitachi	model:	jp1/integrated management	scope:	eq	version:	- service support advanced edition	Trust: 0.8
vendor:	hitachi	model:	compute systems manager	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	infrastructure analytics advisor	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/it desktop management	scope:	eq	version:	2 - smart device manager	Trust: 0.8
vendor:	hitachi	model:	jp1/performance management	scope:	eq	version:	- web console	Trust: 0.8
vendor:	hitachi	model:	tiered storage manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer standard	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	eq	version:	(64)	Trust: 0.8
vendor:	apache	model:	httpd	scope:	eq	version:	2.4.26	Trust: 0.8
vendor:	hitachi	model:	replication manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	jp1/performance management	scope:	eq	version:	- manager	Trust: 0.8
vendor:	hitachi	model:	jp1/it desktop management - manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic operation	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	01	Trust: 0.8
vendor:	hitachi	model:	global link manager	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/performance management - web console	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/it desktop management	scope:	eq	version:	2 - manager	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer light	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	jp1/it desktop management	scope:	eq	version:	2 - smart device manager	Trust: 0.8
vendor:	hitachi	model:	application server for developers	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/integrated management	scope:	eq	version:	- service support	Trust: 0.8
vendor:	hitachi	model:	compute systems manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	configuration manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus primary server	scope:	eq	version:	base	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	st ard-r	Trust: 0.8
vendor:	hitachi	model:	ucosminexus primary server	scope:	eq	version:	base(64)	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/integrated management	scope:	eq	version:	- service support advanced edition	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	eq	version:	none	Trust: 0.8
vendor:	apache	model:	httpd	scope:	eq	version:	2.2.33	Trust: 0.8
vendor:	hitachi	model:	it operations director	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/service support	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	jp1/operations analytics	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	tuning manager	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	cosminexus http server	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/service support	scope:	eq	version:	starter edition	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	-r	Trust: 0.8
vendor:	hitachi	model:	jp1/it desktop management	scope:	eq	version:	2 - manager	Trust: 0.8
vendor:	hitachi	model:	global link manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/it desktop management - manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service architect	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/performance management	scope:	eq	version:	- manager web console	Trust: 0.8
vendor:	nec	model:	spoolserver/winspool series	scope:	eq	version:	reportfiling ver5.2 ~ 6.2	Trust: 0.8
vendor:	hitachi	model:	automation director	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	tiered storage manager	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server standard	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	connexive pf	scope:	eq	version:	v6.5	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	professional	Trust: 0.8
vendor:	apache	model:	httpd	scope:	lt	version:	2.2.x	Trust: 0.8
vendor:	hitachi	model:	replication manager	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	device manager	scope:	eq	version:	software	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server smart edition	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	application server	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	httpd	scope:	lt	version:	2.4.x	Trust: 0.8
vendor:	apache	model:	http server	scope:	eq	version:	2.4.24	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.19	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.16	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.25	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.20	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.22	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.17	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.18	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.23	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.4.21	Trust: 0.6

sources: JVNDB: JVNDB-2017-005026 // CNNVD: CNNVD-201704-572 // NVD: CVE-2017-7679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7679
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-7679
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201704-572
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2017-7679
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-7679
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2017-7679
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULMON: CVE-2017-7679 // JVNDB: JVNDB-2017-005026 // CNNVD: CNNVD-201704-572 // NVD: CVE-2017-7679

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.8
problemtype:	CWE-126	Trust: 1.0

sources: JVNDB: JVNDB-2017-005026 // NVD: CVE-2017-7679

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 144960 // PACKETSTORM: 143766 // PACKETSTORM: 144968 // CNNVD: CNNVD-201704-572

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201704-572

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005026

PATCH

title:	hitachi-sec-2018-101	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-101/index.html	Trust: 0.8
title:	hitachi-sec-2018-103	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-103/index.html	Trust: 0.8
title:	hitachi-sec-2017-123	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-123/index.html	Trust: 0.8
title:	NV17-014	url:	http://jpn.nec.com/security-info/secinfo/nv17-014.html	Trust: 0.8
title:	CVE-2017-7679: mod_mime buffer overread	url:	https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3Cdev.httpd.apache.org%3E	Trust: 0.8
title:	hitachi-sec-2017-123	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-123/index.html	Trust: 0.8
title:	hitachi-sec-2018-101	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-101/index.html	Trust: 0.8
title:	hitachi-sec-2018-103	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-103/index.html	Trust: 0.8
title:	Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89482	Trust: 0.6
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173477 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173476 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173194 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173193 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173475 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173195 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2017-7679	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-7679	Trust: 0.1
title:	Ubuntu Security Notice: apache2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3340-1	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-7679	Trust: 0.1
title:	Ubuntu Security Notice: apache2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3373-1	Trust: 0.1
title:	Debian Security Advisories: DSA-3896-1 apache2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a100e91e6529637522c4f74492953f8c	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2017-892	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-892	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2017-863	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-863	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201706-34] apache: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201706-34	Trust: 0.1
title:	Symantec Security Advisories: SA154: Apache httpd Vulnerabilities June 2017	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=6f891c1513dfb5c26769ed38bcac6e4f	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a22ad41e97bbfc5abb0bb927bf43089c	Trust: 0.1
title:	Tenable Security Advisories: [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2019-09	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=549dc795290b298746065b62b4bb7928	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - October 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a	Trust: 0.1
title:	POC	url:	https://github.com/j031t/POC	Trust: 0.1
title:	Shodan	url:	https://github.com/averna-syd/Shodan	Trust: 0.1
title:	netlas-go	url:	https://github.com/mmpx12/netlas-go	Trust: 0.1
title:	watchdog	url:	https://github.com/flipkart-incubator/watchdog	Trust: 0.1
title:	-	url:	https://github.com/catdever/watchdog	Trust: 0.1
title:	watchdog	url:	https://github.com/rohankumardubey/watchdog	Trust: 0.1
title:	nrich	url:	https://github.com/retr0-13/nrich	Trust: 0.1
title:	-	url:	https://github.com/RoseSecurity-Research/Red-Teaming-TTPs	Trust: 0.1
title:	Red-Teaming-TTPs	url:	https://github.com/RoseSecurity/Red-Teaming-TTPs	Trust: 0.1
title:	Shodan-nrich	url:	https://github.com/PawanKumarPandit/Shodan-nrich	Trust: 0.1
title:	DC-3-Vulnhub-Walkthrough	url:	https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough	Trust: 0.1
title:	DC-2-Vulnhub-Walkthrough	url:	https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough	Trust: 0.1
title:	DC-1-Vulnhub-Walkthrough	url:	https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough	Trust: 0.1
title:	-	url:	https://github.com/hrbrmstr/internetdb	Trust: 0.1
title:	-	url:	https://github.com/SecureAxom/strike	Trust: 0.1
title:	pigat	url:	https://github.com/syadg123/pigat	Trust: 0.1

sources: VULMON: CVE-2017-7679 // JVNDB: JVNDB-2017-005026 // CNNVD: CNNVD-201704-572

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7679	Trust: 3.2
db:	TENABLE	id:	TNS-2019-09	Trust: 1.6
db:	SECTRACK	id:	1038711	Trust: 1.6
db:	BID	id:	99170	Trust: 1.6
db:	JVN	id:	JVNVU98416507	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005026	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-572	Trust: 0.6
db:	VULMON	id:	CVE-2017-7679	Trust: 0.1
db:	PACKETSTORM	id:	143146	Trust: 0.1
db:	PACKETSTORM	id:	143561	Trust: 0.1
db:	PACKETSTORM	id:	145457	Trust: 0.1
db:	PACKETSTORM	id:	144960	Trust: 0.1
db:	PACKETSTORM	id:	143766	Trust: 0.1
db:	PACKETSTORM	id:	145455	Trust: 0.1
db:	PACKETSTORM	id:	144968	Trust: 0.1

sources: VULMON: CVE-2017-7679 // JVNDB: JVNDB-2017-005026 // PACKETSTORM: 143146 // PACKETSTORM: 143561 // PACKETSTORM: 145457 // PACKETSTORM: 144960 // PACKETSTORM: 143766 // PACKETSTORM: 145455 // PACKETSTORM: 144968 // CNNVD: CNNVD-201704-572 // NVD: CVE-2017-7679

REFERENCES

url:	https://access.redhat.com/errata/rhsa-2017:3477	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2017:3193	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2017:2478	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2017:3475	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2017:3194	Trust: 1.7
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03908en_us	Trust: 1.6
url:	https://security.gentoo.org/glsa/201710-32	Trust: 1.6
url:	https://support.apple.com/ht208221	Trust: 1.6
url:	https://github.com/gottburgm/exploits/tree/master/cve-2017-7679	Trust: 1.6
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03821en_us	Trust: 1.6
url:	https://security.netapp.com/advisory/ntap-20180601-0002/	Trust: 1.6
url:	http://www.debian.org/security/2017/dsa-3896	Trust: 1.6
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Trust: 1.6
url:	http://www.securityfocus.com/bid/99170	Trust: 1.6
url:	http://www.securitytracker.com/id/1038711	Trust: 1.6
url:	https://access.redhat.com/errata/rhsa-2017:2479	Trust: 1.6
url:	https://www.nomachine.com/su08o00185	Trust: 1.6
url:	https://www.tenable.com/security/tns-2019-09	Trust: 1.6
url:	https://access.redhat.com/errata/rhsa-2017:3195	Trust: 1.6
url:	https://access.redhat.com/errata/rhsa-2017:3476	Trust: 1.6
url:	https://access.redhat.com/errata/rhsa-2017:2483	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7679	Trust: 1.5
url:	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751%40%3cdev.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3ccvs.httpd.apache.org%3e	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7679	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98416507/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3167	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3169	Trust: 0.7
url:	httpd.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3cdev.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2017-7679	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2017-3167	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2017-3169	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7668	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2017-9798	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9798	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2017-9788	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9788	Trust: 0.3
url:	https://issues.jboss.org/):	Trust: 0.2
url:	https://access.redhat.com/documentation/en/red-hat-jboss-core-services/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2017-12613	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12613	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2017-7668	Trust: 0.2
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.16	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu4.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.25-3ubuntu2.1	Trust: 0.1
url:	https://www.ubuntu.com/usn/usn-3340-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.3	Trust: 0.1
url:	https://www.ubuntu.com/usn/usn-3373-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8743	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp&downloadtype=securitypatches&version=2.4.23	Trust: 0.1

sources: JVNDB: JVNDB-2017-005026 // PACKETSTORM: 143146 // PACKETSTORM: 143561 // PACKETSTORM: 145457 // PACKETSTORM: 144960 // PACKETSTORM: 143766 // PACKETSTORM: 145455 // PACKETSTORM: 144968 // CNNVD: CNNVD-201704-572 // NVD: CVE-2017-7679

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 145457 // PACKETSTORM: 144960 // PACKETSTORM: 143766 // PACKETSTORM: 145455 // PACKETSTORM: 144968

SOURCES

db:	VULMON	id:	CVE-2017-7679
db:	JVNDB	id:	JVNDB-2017-005026
db:	PACKETSTORM	id:	143146
db:	PACKETSTORM	id:	143561
db:	PACKETSTORM	id:	145457
db:	PACKETSTORM	id:	144960
db:	PACKETSTORM	id:	143766
db:	PACKETSTORM	id:	145455
db:	PACKETSTORM	id:	144968
db:	CNNVD	id:	CNNVD-201704-572
db:	NVD	id:	CVE-2017-7679

LAST UPDATE DATE

2024-11-21T21:23:15.787000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2017-7679	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-005026	date:	2018-02-01T00:00:00
db:	CNNVD	id:	CNNVD-201704-572	date:	2021-06-07T00:00:00
db:	NVD	id:	CVE-2017-7679	date:	2023-11-07T02:50:15.043

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2017-7679	date:	2017-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-005026	date:	2017-07-13T00:00:00
db:	PACKETSTORM	id:	143146	date:	2017-06-26T23:34:52
db:	PACKETSTORM	id:	143561	date:	2017-07-31T18:22:22
db:	PACKETSTORM	id:	145457	date:	2017-12-17T15:29:14
db:	PACKETSTORM	id:	144960	date:	2017-11-13T22:23:00
db:	PACKETSTORM	id:	143766	date:	2017-08-15T22:24:00
db:	PACKETSTORM	id:	145455	date:	2017-12-17T15:27:58
db:	PACKETSTORM	id:	144968	date:	2017-11-14T04:32:05
db:	CNNVD	id:	CNNVD-201704-572	date:	2017-04-12T00:00:00
db:	NVD	id:	CVE-2017-7679	date:	2017-06-20T01:29:00.423