ID

VAR-201706-1000


CVE

CVE-2017-7679


TITLE

Apache httpd Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-005026

DESCRIPTION

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. Apache httpd Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apache HTTP Server is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. The following versions are vulnerable: Apache HTTP Server 2.2.0 to 2.2.32 Apache HTTP Server 2.4.0 to 2.4.25. ========================================================================== Ubuntu Security Notice USN-3373-1 July 31, 2017 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Apache HTTP Server. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167) Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169) Javier JimA(c)nez discovered that the Apache HTTP Server incorrectly handled parsing certain requests. (CVE-2017-7679) David Dennerline and RA(c)gis Leroy discovered that the Apache HTTP Server incorrectly handled unusual whitespace when parsing requests, contrary to specifications. This update may introduce compatibility issues with clients that do not strictly follow HTTP protocol specifications. A new configuration option "HttpProtocolOptions Unsafe" can be used to revert to the previous unsafe behaviour in problematic environments. (CVE-2016-8743) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: A apache2.2-binA A A A A A A A A A A A A A A A A A A 2.2.22-1ubuntu1.12 In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201710-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Apache: Multiple vulnerabilities Date: October 29, 2017 Bugs: #622240, #624868, #631308 ID: 201710-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Apache, the worst of which may result in the loss of secrets. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/apache < 2.4.27-r1 >= 2.4.27-r1 Description =========== Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details. Impact ====== The Optionsbleed vulnerability can leak arbitrary memory from the server process that may contain secrets. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.27-r1" References ========== [ 1 ] CVE-2017-3167 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3167 [ 2 ] CVE-2017-3169 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3169 [ 3 ] CVE-2017-7659 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7659 [ 4 ] CVE-2017-7668 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7668 [ 5 ] CVE-2017-7679 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7679 [ 6 ] CVE-2017-9788 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9788 [ 7 ] CVE-2017-9789 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9789 [ 8 ] CVE-2017-9798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201710-32 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: httpd security update Advisory ID: RHSA-2017:2479-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2479 Issue date: 2017-08-15 CVE Names: CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 CVE-2017-9788 ===================================================================== 1. Summary: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Security Fix(es): * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass 1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference 1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread 1463207 - CVE-2017-7679 httpd: mod_mime buffer overread 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: httpd-2.4.6-67.el7_4.2.src.rpm noarch: httpd-manual-2.4.6-67.el7_4.2.noarch.rpm x86_64: httpd-2.4.6-67.el7_4.2.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm httpd-devel-2.4.6-67.el7_4.2.x86_64.rpm httpd-tools-2.4.6-67.el7_4.2.x86_64.rpm mod_ldap-2.4.6-67.el7_4.2.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.2.x86_64.rpm mod_session-2.4.6-67.el7_4.2.x86_64.rpm mod_ssl-2.4.6-67.el7_4.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: httpd-2.4.6-67.el7_4.2.src.rpm noarch: httpd-manual-2.4.6-67.el7_4.2.noarch.rpm x86_64: httpd-2.4.6-67.el7_4.2.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm httpd-devel-2.4.6-67.el7_4.2.x86_64.rpm httpd-tools-2.4.6-67.el7_4.2.x86_64.rpm mod_ldap-2.4.6-67.el7_4.2.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.2.x86_64.rpm mod_session-2.4.6-67.el7_4.2.x86_64.rpm mod_ssl-2.4.6-67.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-67.el7_4.2.src.rpm aarch64: httpd-2.4.6-67.el7_4.2.aarch64.rpm httpd-debuginfo-2.4.6-67.el7_4.2.aarch64.rpm httpd-devel-2.4.6-67.el7_4.2.aarch64.rpm httpd-tools-2.4.6-67.el7_4.2.aarch64.rpm mod_session-2.4.6-67.el7_4.2.aarch64.rpm mod_ssl-2.4.6-67.el7_4.2.aarch64.rpm noarch: httpd-manual-2.4.6-67.el7_4.2.noarch.rpm ppc64: httpd-2.4.6-67.el7_4.2.ppc64.rpm httpd-debuginfo-2.4.6-67.el7_4.2.ppc64.rpm httpd-devel-2.4.6-67.el7_4.2.ppc64.rpm httpd-tools-2.4.6-67.el7_4.2.ppc64.rpm mod_session-2.4.6-67.el7_4.2.ppc64.rpm mod_ssl-2.4.6-67.el7_4.2.ppc64.rpm ppc64le: httpd-2.4.6-67.el7_4.2.ppc64le.rpm httpd-debuginfo-2.4.6-67.el7_4.2.ppc64le.rpm httpd-devel-2.4.6-67.el7_4.2.ppc64le.rpm httpd-tools-2.4.6-67.el7_4.2.ppc64le.rpm mod_session-2.4.6-67.el7_4.2.ppc64le.rpm mod_ssl-2.4.6-67.el7_4.2.ppc64le.rpm s390x: httpd-2.4.6-67.el7_4.2.s390x.rpm httpd-debuginfo-2.4.6-67.el7_4.2.s390x.rpm httpd-devel-2.4.6-67.el7_4.2.s390x.rpm httpd-tools-2.4.6-67.el7_4.2.s390x.rpm mod_session-2.4.6-67.el7_4.2.s390x.rpm mod_ssl-2.4.6-67.el7_4.2.s390x.rpm x86_64: httpd-2.4.6-67.el7_4.2.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm httpd-devel-2.4.6-67.el7_4.2.x86_64.rpm httpd-tools-2.4.6-67.el7_4.2.x86_64.rpm mod_session-2.4.6-67.el7_4.2.x86_64.rpm mod_ssl-2.4.6-67.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: httpd-debuginfo-2.4.6-67.el7_4.2.aarch64.rpm mod_ldap-2.4.6-67.el7_4.2.aarch64.rpm mod_proxy_html-2.4.6-67.el7_4.2.aarch64.rpm ppc64: httpd-debuginfo-2.4.6-67.el7_4.2.ppc64.rpm mod_ldap-2.4.6-67.el7_4.2.ppc64.rpm mod_proxy_html-2.4.6-67.el7_4.2.ppc64.rpm ppc64le: httpd-debuginfo-2.4.6-67.el7_4.2.ppc64le.rpm mod_ldap-2.4.6-67.el7_4.2.ppc64le.rpm mod_proxy_html-2.4.6-67.el7_4.2.ppc64le.rpm s390x: httpd-debuginfo-2.4.6-67.el7_4.2.s390x.rpm mod_ldap-2.4.6-67.el7_4.2.s390x.rpm mod_proxy_html-2.4.6-67.el7_4.2.s390x.rpm x86_64: httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm mod_ldap-2.4.6-67.el7_4.2.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: httpd-2.4.6-67.el7_4.2.src.rpm noarch: httpd-manual-2.4.6-67.el7_4.2.noarch.rpm x86_64: httpd-2.4.6-67.el7_4.2.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm httpd-devel-2.4.6-67.el7_4.2.x86_64.rpm httpd-tools-2.4.6-67.el7_4.2.x86_64.rpm mod_session-2.4.6-67.el7_4.2.x86_64.rpm mod_ssl-2.4.6-67.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm mod_ldap-2.4.6-67.el7_4.2.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-3167 https://access.redhat.com/security/cve/CVE-2017-3169 https://access.redhat.com/security/cve/CVE-2017-7668 https://access.redhat.com/security/cve/CVE-2017-7679 https://access.redhat.com/security/cve/CVE-2017-9788 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZkz2LXlSAg2UNWIIRAt0MAJ9LvD/FlXeCaSo7hbsOQiUO2TFbFgCghvNu ug98ZOhnKCMkaBhPFLHQSic= =glD9 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.2) - ppc64, ppc64le, s390x, x86_64 3. (CVE-2017-7679) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. (CVE-2017-9798) Red Hat would like to thank Hanno BAPck for reporting CVE-2017-9798. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. JIRA issues fixed (https://issues.jboss.org/): JBCS-402 - Errata for httpd 2.4.23.SP3 RHEL7 7

Trust: 2.61

sources: NVD: CVE-2017-7679 // JVNDB: JVNDB-2017-005026 // BID: 99170 // VULMON: CVE-2017-7679 // PACKETSTORM: 143146 // PACKETSTORM: 143561 // PACKETSTORM: 144791 // PACKETSTORM: 143767 // PACKETSTORM: 144960 // PACKETSTORM: 144968 // PACKETSTORM: 145456

AFFECTED PRODUCTS

vendor:apachemodel:http serverscope:gteversion:2.4.0

Trust: 1.0

vendor:apachemodel:http serverscope:ltversion:2.2.33

Trust: 1.0

vendor:apachemodel:http serverscope:ltversion:2.4.26

Trust: 1.0

vendor:apachemodel:http serverscope:gteversion:2.2.0

Trust: 1.0

vendor:hitachimodel:jp1/automatic job management system 3scope:eqversion:- manager web console

Trust: 0.8

vendor:hitachimodel:jp1/integrated managementscope:eqversion:- service support starter edition

Trust: 0.8

vendor:hitachimodel:jp1/it desktop managementscope:eqversion:2 - operations director

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:(64)

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:express

Trust: 0.8

vendor:hitachimodel:tuning managerscope:eqversion:software

Trust: 0.8

vendor:hitachimodel:job management partner 1/integrated managementscope:eqversion:- service support

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional for plug-in

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:- messaging

Trust: 0.8

vendor:hitachimodel:jp1/integrated managementscope:eqversion:- service support advanced edition

Trust: 0.8

vendor:hitachimodel:compute systems managerscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:infrastructure analytics advisorscope: - version: -

Trust: 0.8

vendor:hitachimodel:job management partner 1/it desktop managementscope:eqversion:2 - smart device manager

Trust: 0.8

vendor:hitachimodel:jp1/performance managementscope:eqversion:- web console

Trust: 0.8

vendor:hitachimodel:tiered storage managerscope:eqversion:software

Trust: 0.8

vendor:hitachimodel:ucosminexus developer standardscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:(64)

Trust: 0.8

vendor:apachemodel:httpdscope:eqversion:2.4.26

Trust: 0.8

vendor:hitachimodel:replication managerscope:eqversion:software

Trust: 0.8

vendor:hitachimodel:jp1/performance managementscope:eqversion:- manager

Trust: 0.8

vendor:hitachimodel:jp1/it desktop management - managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/automatic operationscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:01

Trust: 0.8

vendor:hitachimodel:global link managerscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:job management partner 1/performance management - web consolescope: - version: -

Trust: 0.8

vendor:hitachimodel:job management partner 1/it desktop managementscope:eqversion:2 - manager

Trust: 0.8

vendor:hitachimodel:ucosminexus developer lightscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:jp1/it desktop managementscope:eqversion:2 - smart device manager

Trust: 0.8

vendor:hitachimodel:application server for developersscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/integrated managementscope:eqversion:- service support

Trust: 0.8

vendor:hitachimodel:compute systems managerscope:eqversion:software

Trust: 0.8

vendor:hitachimodel:configuration managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus primary serverscope:eqversion:base

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:st ard-r

Trust: 0.8

vendor:hitachimodel:ucosminexus primary serverscope:eqversion:base(64)

Trust: 0.8

vendor:hitachimodel:job management partner 1/integrated managementscope:eqversion:- service support advanced edition

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:none

Trust: 0.8

vendor:apachemodel:httpdscope:eqversion:2.2.33

Trust: 0.8

vendor:hitachimodel:it operations directorscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/service supportscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:jp1/operations analyticsscope: - version: -

Trust: 0.8

vendor:hitachimodel:tuning managerscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:cosminexus http serverscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/service supportscope:eqversion:starter edition

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:-r

Trust: 0.8

vendor:hitachimodel:jp1/it desktop managementscope:eqversion:2 - manager

Trust: 0.8

vendor:hitachimodel:global link managerscope:eqversion:software

Trust: 0.8

vendor:hitachimodel:job management partner 1/it desktop management - managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application server enterprisescope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/performance managementscope:eqversion:- manager web console

Trust: 0.8

vendor:necmodel:spoolserver/winspool seriesscope:eqversion:reportfiling ver5.2 ~ 6.2

Trust: 0.8

vendor:hitachimodel:automation directorscope: - version: -

Trust: 0.8

vendor:hitachimodel:tiered storage managerscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:ucosminexus application server standardscope: - version: -

Trust: 0.8

vendor:necmodel:connexive pfscope:eqversion:v6.5

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional

Trust: 0.8

vendor:apachemodel:httpdscope:ltversion:2.2.x

Trust: 0.8

vendor:hitachimodel:replication managerscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:device managerscope:eqversion:software

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:ucosminexus application server smart editionscope: - version: -

Trust: 0.8

vendor:hitachimodel:application serverscope: - version: -

Trust: 0.8

vendor:apachemodel:httpdscope:ltversion:2.4.x

Trust: 0.8

vendor:ubuntumodel:linuxscope:eqversion:17.04

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:16.10

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:16.04

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:redhatmodel:software collections for rhelscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:jboss web serverscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:jboss ewsscope:eqversion:2

Trust: 0.3

vendor:redhatmodel:jboss eapscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:jboss core servicesscope:eqversion:1

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:ibmmodel:iscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:iscope:eqversion:7.3

Trust: 0.3

vendor:ibmmodel:iscope:eqversion:7.2

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.52

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.52

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.09

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.033

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.029

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.11

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:9.0.0.4

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:9.0.0.3

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:9.0.0.2

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:9.0.0.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.5.9

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.5.8

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.5.7

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.5.6

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.5.5

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.5.4

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.5.3

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.5.11

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.5.10

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.5.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.5

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.5.0.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.0.0.7

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.0.0.6

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.0.0.5

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.0.0.4

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.0.0.3

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.0.0.2

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.0.0.13

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.0.0.12

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.0.0.11

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.4.27

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.5

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.43

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.39

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.27

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.25

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.21

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.19

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.17

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.15

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.13

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.25

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.23

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.20

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.19

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.18

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.17

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.16

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.14

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.12

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.11

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.4

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.26

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.25

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.24

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.23

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.15

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.14

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.13

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.12

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.11

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.10

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.3

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.2

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.3

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.24

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.2

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.13

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.4.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.32

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.29

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.22

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.21

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.20

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.19

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.18

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.17

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.16

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.1

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:9.0.0.5

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:8.5.5.12

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:8.0.0.14

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:7.0.0.45

Trust: 0.3

vendor:apachemodel:apachescope:neversion:2.4.26

Trust: 0.3

vendor:apachemodel:2.2.33-devscope:neversion: -

Trust: 0.3

sources: BID: 99170 // JVNDB: JVNDB-2017-005026 // NVD: CVE-2017-7679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7679
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-7679
value: CRITICAL

Trust: 0.8

VULMON: CVE-2017-7679
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7679
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2017-7679
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2017-7679 // JVNDB: JVNDB-2017-005026 // NVD: CVE-2017-7679

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

problemtype:CWE-126

Trust: 1.0

sources: JVNDB: JVNDB-2017-005026 // NVD: CVE-2017-7679

THREAT TYPE

network

Trust: 0.3

sources: BID: 99170

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 99170

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005026

PATCH

title:hitachi-sec-2018-101url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-101/index.html

Trust: 0.8

title:hitachi-sec-2018-103url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-103/index.html

Trust: 0.8

title:hitachi-sec-2017-123url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-123/index.html

Trust: 0.8

title:NV17-014url:http://jpn.nec.com/security-info/secinfo/nv17-014.html

Trust: 0.8

title:CVE-2017-7679: mod_mime buffer overreadurl:https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3Cdev.httpd.apache.org%3E

Trust: 0.8

title:hitachi-sec-2017-123url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-123/index.html

Trust: 0.8

title:hitachi-sec-2018-101url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-101/index.html

Trust: 0.8

title:hitachi-sec-2018-103url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-103/index.html

Trust: 0.8

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173477 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173476 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173194 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173193 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173475 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173195 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2017-7679url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-7679

Trust: 0.1

title:Ubuntu Security Notice: apache2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3340-1

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-7679

Trust: 0.1

title:Ubuntu Security Notice: apache2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3373-1

Trust: 0.1

title:Debian Security Advisories: DSA-3896-1 apache2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a100e91e6529637522c4f74492953f8c

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-892url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-892

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-863url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-863

Trust: 0.1

title:Arch Linux Advisories: [ASA-201706-34] apache: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201706-34

Trust: 0.1

title:Symantec Security Advisories: SA154: Apache httpd Vulnerabilities June 2017url:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=6f891c1513dfb5c26769ed38bcac6e4f

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a22ad41e97bbfc5abb0bb927bf43089c

Trust: 0.1

title:Tenable Security Advisories: [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2019-09

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=549dc795290b298746065b62b4bb7928

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a

Trust: 0.1

title:POCurl:https://github.com/j031t/POC

Trust: 0.1

title:Shodanurl:https://github.com/averna-syd/Shodan

Trust: 0.1

title:netlas-gourl:https://github.com/mmpx12/netlas-go

Trust: 0.1

title:watchdogurl:https://github.com/flipkart-incubator/watchdog

Trust: 0.1

title: - url:https://github.com/catdever/watchdog

Trust: 0.1

title:watchdogurl:https://github.com/rohankumardubey/watchdog

Trust: 0.1

title:nrichurl:https://github.com/retr0-13/nrich

Trust: 0.1

title: - url:https://github.com/RoseSecurity-Research/Red-Teaming-TTPs

Trust: 0.1

title:Red-Teaming-TTPsurl:https://github.com/RoseSecurity/Red-Teaming-TTPs

Trust: 0.1

title:Shodan-nrichurl:https://github.com/PawanKumarPandit/Shodan-nrich

Trust: 0.1

title:DC-3-Vulnhub-Walkthroughurl:https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough

Trust: 0.1

title:DC-2-Vulnhub-Walkthroughurl:https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough

Trust: 0.1

title:DC-1-Vulnhub-Walkthroughurl:https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough

Trust: 0.1

title: - url:https://github.com/hrbrmstr/internetdb

Trust: 0.1

title: - url:https://github.com/SecureAxom/strike

Trust: 0.1

title:pigaturl:https://github.com/syadg123/pigat

Trust: 0.1

sources: VULMON: CVE-2017-7679 // JVNDB: JVNDB-2017-005026

EXTERNAL IDS

db:NVDid:CVE-2017-7679

Trust: 2.9

db:BIDid:99170

Trust: 1.3

db:SECTRACKid:1038711

Trust: 1.0

db:TENABLEid:TNS-2019-09

Trust: 1.0

db:JVNid:JVNVU98416507

Trust: 0.8

db:JVNDBid:JVNDB-2017-005026

Trust: 0.8

db:VULMONid:CVE-2017-7679

Trust: 0.1

db:PACKETSTORMid:143146

Trust: 0.1

db:PACKETSTORMid:143561

Trust: 0.1

db:PACKETSTORMid:144791

Trust: 0.1

db:PACKETSTORMid:143767

Trust: 0.1

db:PACKETSTORMid:144960

Trust: 0.1

db:PACKETSTORMid:144968

Trust: 0.1

db:PACKETSTORMid:145456

Trust: 0.1

sources: VULMON: CVE-2017-7679 // BID: 99170 // JVNDB: JVNDB-2017-005026 // PACKETSTORM: 143146 // PACKETSTORM: 143561 // PACKETSTORM: 144791 // PACKETSTORM: 143767 // PACKETSTORM: 144960 // PACKETSTORM: 144968 // PACKETSTORM: 145456 // NVD: CVE-2017-7679

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2017-7679

Trust: 1.5

url:https://security.gentoo.org/glsa/201710-32

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:2479

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:3193

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:3194

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:3476

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:3475

Trust: 1.0

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03821en_us

Trust: 1.0

url:https://access.redhat.com/errata/rhsa-2017:2483

Trust: 1.0

url:https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://www.nomachine.com/su08o00185

Trust: 1.0

url:https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:http://www.debian.org/security/2017/dsa-3896

Trust: 1.0

url:https://access.redhat.com/errata/rhsa-2017:2478

Trust: 1.0

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03908en_us

Trust: 1.0

url:https://access.redhat.com/errata/rhsa-2017:3195

Trust: 1.0

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 1.0

url:https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://support.apple.com/ht208221

Trust: 1.0

url:https://www.tenable.com/security/tns-2019-09

Trust: 1.0

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:http://www.securitytracker.com/id/1038711

Trust: 1.0

url:https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://github.com/gottburgm/exploits/tree/master/cve-2017-7679

Trust: 1.0

url:https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751%40%3cdev.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:http://www.securityfocus.com/bid/99170

Trust: 1.0

url:https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://access.redhat.com/errata/rhsa-2017:3477

Trust: 1.0

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20180601-0002/

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7679

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98416507/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2017-7679

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-3167

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-3169

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-7668

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2017-9788

Trust: 0.4

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2017-3169

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2017-3167

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:http://www.apache.org/

Trust: 0.3

url:https://httpd.apache.org/

Trust: 0.3

url:https://www.apache.org/dist/httpd/patches/apply_to_2.2.32/cve-2017-7679.patch

Trust: 0.3

url:https://httpd.apache.org/security/vulnerabilities_22.html

Trust: 0.3

url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24043880

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas8n1022204

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg22005280

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-7668

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-9788

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-9798

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-9798

Trust: 0.3

url:https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.16

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu4.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.25-3ubuntu2.1

Trust: 0.1

url:https://www.ubuntu.com/usn/usn-3340-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.3

Trust: 0.1

url:https://www.ubuntu.com/usn/usn-3373-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8743

Trust: 0.1

url:https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-7668

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7659

Trust: 0.1

url:https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3167

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9798

Trust: 0.1

url:https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-7679

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-9789

Trust: 0.1

url:https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-7659

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3169

Trust: 0.1

url:https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-9788

Trust: 0.1

url:https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-9789

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/documentation/en/red-hat-jboss-core-services/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-12613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12613

Trust: 0.1

sources: BID: 99170 // JVNDB: JVNDB-2017-005026 // PACKETSTORM: 143146 // PACKETSTORM: 143561 // PACKETSTORM: 144791 // PACKETSTORM: 143767 // PACKETSTORM: 144960 // PACKETSTORM: 144968 // PACKETSTORM: 145456 // NVD: CVE-2017-7679

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 143767 // PACKETSTORM: 144960 // PACKETSTORM: 144968 // PACKETSTORM: 145456

SOURCES

db:VULMONid:CVE-2017-7679
db:BIDid:99170
db:JVNDBid:JVNDB-2017-005026
db:PACKETSTORMid:143146
db:PACKETSTORMid:143561
db:PACKETSTORMid:144791
db:PACKETSTORMid:143767
db:PACKETSTORMid:144960
db:PACKETSTORMid:144968
db:PACKETSTORMid:145456
db:NVDid:CVE-2017-7679

LAST UPDATE DATE

2024-12-22T19:31:45.346000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2017-7679date:2023-11-07T00:00:00
db:BIDid:99170date:2017-08-16T08:10:00
db:JVNDBid:JVNDB-2017-005026date:2018-02-01T00:00:00
db:NVDid:CVE-2017-7679date:2024-11-21T03:32:26.843

SOURCES RELEASE DATE

db:VULMONid:CVE-2017-7679date:2017-06-20T00:00:00
db:BIDid:99170date:2017-06-19T00:00:00
db:JVNDBid:JVNDB-2017-005026date:2017-07-13T00:00:00
db:PACKETSTORMid:143146date:2017-06-26T23:34:52
db:PACKETSTORMid:143561date:2017-07-31T18:22:22
db:PACKETSTORMid:144791date:2017-10-30T15:38:41
db:PACKETSTORMid:143767date:2017-08-15T22:25:00
db:PACKETSTORMid:144960date:2017-11-13T22:23:00
db:PACKETSTORMid:144968date:2017-11-14T04:32:05
db:PACKETSTORMid:145456date:2017-12-17T15:28:41
db:NVDid:CVE-2017-7679date:2017-06-20T01:29:00.423