AVG-316

Package: apache
Status: Fixed
Severity: High
Type: multiple issues
Affected: 2.4.25-3
Fixed: 2.4.26-1
Current: 2.4.33-3 [extra]
Ticket: None
Created: Tue Jun 20 08:53:20 2017

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-7679 | Medium | Yes | Denial of service | An out-of-bounds read has been found in Apache httpd < 2.4.26, where mod_mime can read one byte past the end of a buffer when a malicious Content-Type... |
| CVE-2017-7668 | High | Yes | Information disclosure | An out-of-bounds read has been found in Apache httpd < 2.4.26. The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list... |
| CVE-2017-7659 | High | Yes | Denial of service | A NULL-pointer dereference leading to denial of service has been found in the mod_http2 component of Apache httpd < 2.4.26. A maliciously constructed HTTP/2... |
| CVE-2017-3169 | Medium | Yes | Denial of service | A NULL-pointer dereference leading to denial of service has been found in the mod_ssl component of Apache httpd < 2.4.26. mod_ssl may dereference a NULL... |
| CVE-2017-3167 | Medium | Yes | Authentication bypass | An authentication bypass flaw has been found in Apache httpd < 2.4.26, where the use of the ap_get_basic_auth_pw() function by third-party modules outside... |

| Date | Advisory | Package | Description |
|---|---|---|---|
| 28 Jun 2017 | ASA-201706-34 | apache | multiple issues |

References
https://httpd.apache.org/security/vulnerabilities_24.html