CVE-2017-7668

by Fred · 19/06/2017

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

Date published : 2017-06-19

http://www.securityfocus.com/bid/99137

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

CVE-2017-7668

Similar

Recent Posts

Categories

CVE-2017-7668

Share this:

Similar

Recent Posts

Categories

Tags