On June 19, 2017, it was revealed that Apache httpd has multiple vulnerabilities, CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, and CVE-2017-7679. These vulnerabilities are highly risky.
See the following for more information about the vulnerability.
Multiple Apache httpd vulnerabilities
CVE-2017-3167: Authentication is bypassed when a third-party module uses ap_get_basic_auth_pw() during authentication.
CVE-2017-3169: mod_ssl indirectly references a null pointer when a third-party module calls ap_hook_process_connection() to request an HTTPS port over HTTP.
CVE-2017-7659: mod_http2 indirectly references null pointers or the server process crashes when a constructed HTTP/2 request is processed.
CVE-2017-7668: A bug in token list parsing allows ap_find_token() to search beyond input character strings. By constructing a request header sequence, an attacker can cause a segmentation fault or force ap_find_token() to return an error value.
CVE-2017-7679: When an attacker sends a malicious Content-Type response header, mod_mime causes the buffer to read out of bounds.
Condition and method of exploitation
CVE-2017-3167, CVE-2017-3169, and CVE-2017-7679 affect Apache HTTP Web Server 2.2.0 to 2.2.32, 2.4.0 to 2.4.25
CVE-2017-7659 affects Apache HTTP Web Server 2.4.25
CVE-2017-7668 affects Apache HTTP Web Server 2.2.32 and 2.4.25
Run the following command to check whether any affected version of Apache HTTP is used:
How to fix or mitigate
- Upgrade Apache httpd 2.4 to 2.4.26.
- Upgrade Apache httpd 2.2 to 2.2.33-dev.