Bug 1463205 (CVE-2017-7668)
Summary: | CVE-2017-7668 httpd: ap_find_token() buffer overread | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aogburn, apmukher, bmaxwell, cdewolf, chazlett, csutherl, darran.lofthouse, dimitris, dosoudil, fgavrilo, fnasser, gzaronik, hhorak, jason.greene, jawilson, jboss-set, jclere, jdoyle, jkaluza, jondruse, jorton, jshepherd, kbost, lgao, luhliari, mbabacek, mhatanak, mmiura, mturk, myarboro, pahan, pgier, pjurak, ppalaga, psakar, pslavice, rnetuka, rstancel, rsvoboda, sardella, twalsh, vtunka, weli, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | httpd 2.2.34, httpd 2.4.26 | Doc Type: | If docs needed, set a value |
Doc Text: |
A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 03:15:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1463208, 1464876, 1464877, 1465916, 1466263, 1466264, 1473691, 1473692, 1473693, 1510060, 1510061 | ||
Bug Blocks: | 1463212, 1464082 |
Description
Andrej Nemec
2017-06-20 11:29:23 UTC
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 1463208] Upstream commit: 2.4: https://github.com/apache/httpd/commit/a585e36e06a53170be6d2d462ceb5b30b8382988 2.2: https://github.com/apache/httpd/commit/ad581ced12363ce82ffcb16133f236b2e31563e1 (In reply to Andrej Nemec from comment #0) > The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug > in token list parsing, which allows ap_find_token() to search past the end > of its input string. The strict HTTP parsing was a fix for flaw with CVE id CVE-2016-8743 and is tracked via bug 1406822. The change was already backported to multiple Red Hat products, even if they contain older httpd version. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2479 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:2483 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Extended Update Support Via RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3193 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Extended Update Support Via RHSA-2017:3194 https://access.redhat.com/errata/RHSA-2017:3194 |