Lucene search
F5F5:K54624443HistoryJul 14, 2017 - 12:00 a.m.
K54624443 : Apache HTTPD vulnerability CVE-2017-7668
2017-07-1400:00:00
my.f5.com
67
Security Advisory Description
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (CVE-2017-7668)
Impact
There is no impact; F5 products are not affected by this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.5.4 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 11.6.1 | |
| big-ip afm | eq | 12.0.0 | |
| big-ip afm | eq | 12.1.0 |
Related
httpd
httpd
Apache Httpd < 2.2.34 : ap_find_token() Buffer Overread
2017-05-06 00:00:00
Apache Httpd < 2.4.26 : ap_find_token() Buffer Overread
2017-05-06 00:00:00
cve
cve
CVE-2017-7668
2017-06-20 01:29:00
ibm
ibm
checkpoint_advisories
checkpoint_advisories
Apache httpd ap_find_token Out of Bounds Read (CVE-2017-7668)
2017-07-31 00:00:00
Apache httpd ap_find_token Out of Bounds Read - Ver2 (CVE-2017-7668)
2018-07-03 00:00:00
redhatcve
redhatcve
CVE-2017-7668
2019-10-08 10:48:59
hackerone
hackerone
Internet Bug Bounty: ap_find_token() Buffer Overread
2017-06-20 08:36:29
debiancve
debiancve
CVE-2017-7668
2017-06-20 01:29:00
openvas
openvas
Apache HTTP Server Denial-Of-Service Vulnerability (Jun 2017) - Windows
2017-06-21 00:00:00
Apache HTTP Server Denial-Of-Service Vulnerability (Jun 2017) - Linux
2017-06-21 00:00:00
Ubuntu: Security Advisory (USN-3340-1)
2017-06-27 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:45:16
cvelist
cvelist
CVE-2017-7668
2017-06-20 01:00:00
nvd
nvd
CVE-2017-7668
2017-06-20 01:29:00
alpinelinux
alpinelinux
CVE-2017-7668
2017-06-20 01:29:00
prion
prion
Input validation
2017-06-20 01:29:00
ubuntucve
ubuntucve
CVE-2017-7668
2017-06-19 00:00:00
osv
osv
CVE-2017-7668
2017-06-20 01:29:00
apache2 - security update
2017-06-22 00:00:00
apache2 - security update
2017-07-02 00:00:00
oraclelinux
oraclelinux
httpd security and bug fix update
2017-07-11 00:00:00
httpd security update
2017-08-15 00:00:00
nessus
nessus
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2017-06-26 00:00:00
Apache HTTP Server vulnerabilities
2017-07-31 00:00:00
debian
debian
[SECURITY] [DLA 1009-1] apache2 security update
2017-07-02 18:48:50
[SECURITY] [DSA 3896-1] apache2 security update
2017-06-22 19:41:41
[SECURITY] [DSA 3896-1] apache2 security update
2017-06-22 19:41:41
archlinux
archlinux
[ASA-201706-34] apache: multiple issues
2017-06-28 00:00:00
freebsd
freebsd
Apache httpd -- several vulnerabilities
2017-06-20 00:00:00
redhat
redhat
(RHSA-2017:2479) Important: httpd security update
2017-08-15 15:55:44
(RHSA-2017:2483) Important: httpd24-httpd security update
2017-08-16 21:45:48
(RHSA-2017:3194) Important: httpd security update
2017-11-13 16:37:59
fedora
fedora
[SECURITY] Fedora 25 Update: httpd-2.4.27-2.fc25
2017-07-15 19:56:05
[SECURITY] Fedora 26 Update: httpd-2.4.26-1.fc26
2017-07-07 23:20:56
[SECURITY] Fedora 24 Update: httpd-2.4.26-1.fc24
2017-07-12 01:54:48
slackware
slackware
[slackware-security] httpd
2017-06-29 21:34:52
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2017-08-24 09:43:51
symantec
symantec
SA154: Apache httpd Vulnerabilities June 2017
2017-07-20 08:00:00
amazon
amazon
Medium: httpd24
2017-08-03 18:53:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2017-10-29 00:00:00
mageia
mageia
Updated apache packages fix security vulnerability
2018-01-01 13:38:51
apple
apple
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00