CVE-2017-7679 — CRITICAL (9.8)

Q: What is CVE-2017-7679?

CVE-2017-7679 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

Q: How severe is CVE-2017-7679?

CVE-2017-7679 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2017-7679?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.

Vulnerability Description

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 2.2.0, < 2.2.33

Related Weaknesses (CWE)

CWE-126 CWE-119

References

http://www.debian.org/security/2017/dsa-3896Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatchThird Party Advisory
http://www.securityfocus.com/bid/99170Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038711Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:2478Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2479Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2483Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3193Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3194Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3195Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3475Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3476Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3477Third Party Advisory
https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679ExploitThird Party Advisory
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cd

FAQ

What is CVE-2017-7679?

CVE-2017-7679 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

How severe is CVE-2017-7679?

CVE-2017-7679 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-7679?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.