BSA-2017-364
21654
20 September 2018
25 August 2017
Closed
Medium
6.5
N/A
CVE-2017-7668
Summary
Security Advisory ID : BSA-2017-364
Component : Apache HTTPD
Revision : 2.0: Final
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token to search past the end of its input string.
By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token to return an incorrect value.
Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | August 25, 2017 |
| 2.0 | Updated to reflect Fibre Channel Only | September 20, 2018 |