Executive Summary

Information
Name : CVE-2017-7679
First vendor Publication : 2017-06-19
Vendor : Cve
Last vendor Modification : 2019-02-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5 - Attack Range : Network
Cvss Impact Score : 6.4 - Attack Complexity : Low
Cvss Exploit Score : 10 - Authentication : None Required

Detail

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679

CWE : Common Weakness Enumeration

% : 100 % - id : CWE-119 - Name : Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type : Application - Count : 52

Snort® IPS/IDS

Date - Description
2017-08-15 - httpd mod_mime content-type buffer overflow attempt
RuleID : 43547 - Revision : 2 - Type : SERVER-APACHE

Nessus® Vulnerability Scanner

Date - Description
2018-11-27 - Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZLSA-2017-2478.nasl - Type : ACT_GATHER_INFO
2018-05-24 - Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL75429050.nasl - Type : ACT_GATHER_INFO
2018-03-21 - Name : The remote device is affected by multiple vulnerabilities.
File : juniper_space_jsa_10838.nasl - Type : ACT_GATHER_INFO
2017-11-14 - Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3193.nasl - Type : ACT_GATHER_INFO
2017-11-14 - Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3194.nasl - Type : ACT_GATHER_INFO
2017-11-14 - Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3195.nasl - Type : ACT_GATHER_INFO
2017-11-03 - Name : The remote host is missing a macOS or Mac OS X security update that fixes mul...
File : macosx_SecUpd2017-004.nasl - Type : ACT_GATHER_INFO
2017-10-31 - Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-2907-1.nasl - Type : ACT_GATHER_INFO
2017-10-30 - Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201710-32.nasl - Type : ACT_GATHER_INFO
2017-10-19 - Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-2756-1.nasl - Type : ACT_GATHER_INFO
2017-10-05 - Name : The remote host is missing a vendor-supplied security patch.
File : fireeye_os_ex_801.nasl - Type : ACT_GATHER_INFO
2017-10-03 - Name : The remote host is missing a macOS update that fixes multiple security vulner...
File : macos_10_13.nasl - Type : ACT_GATHER_INFO
2017-09-15 - Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2017-892.nasl - Type : ACT_GATHER_INFO
2017-09-14 - Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-2449-1.nasl - Type : ACT_GATHER_INFO
2017-09-08 - Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1177.nasl - Type : ACT_GATHER_INFO
2017-09-08 - Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1178.nasl - Type : ACT_GATHER_INFO
2017-08-25 - Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2017-2479.nasl - Type : ACT_GATHER_INFO
2017-08-22 - Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170815_httpd_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-08-17 - Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-2478.nasl - Type : ACT_GATHER_INFO
2017-08-16 - Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2017-2478.nasl - Type : ACT_GATHER_INFO
2017-08-16 - Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-2478.nasl - Type : ACT_GATHER_INFO
2017-08-16 - Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-2479.nasl - Type : ACT_GATHER_INFO
2017-08-16 - Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-2479.nasl - Type : ACT_GATHER_INFO
2017-08-16 - Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170815_httpd_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2017-08-04 - Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2017-863.nasl - Type : ACT_GATHER_INFO
2017-07-18 - Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_2_34.nasl - Type : ACT_GATHER_INFO
2017-07-18 - Name : The remote Fedora host is missing a security update.
File : fedora_2017-9ded7c5670.nasl - Type : ACT_GATHER_INFO
2017-07-17 - Name : The remote Fedora host is missing a security update.
File : fedora_2017-81976b6a91.nasl - Type : ACT_GATHER_INFO
2017-07-13 - Name : The remote Fedora host is missing a security update.
File : fedora_2017-cf9599a306.nasl - Type : ACT_GATHER_INFO
2017-07-07 - Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-786.nasl - Type : ACT_GATHER_INFO
2017-07-03 - Name : The remote Debian host is missing a security update.
File : debian_DLA-1009.nasl - Type : ACT_GATHER_INFO
2017-06-30 - Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2017-180-03.nasl - Type : ACT_GATHER_INFO
2017-06-29 - Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1714-1.nasl - Type : ACT_GATHER_INFO
2017-06-27 - Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3340-1.nasl - Type : ACT_GATHER_INFO
2017-06-23 - Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3896.nasl - Type : ACT_GATHER_INFO
2017-06-22 - Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_4_26.nasl - Type : ACT_GATHER_INFO
2017-06-20 - Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_0c2db2aa558411e79a7db499baebfeaf.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source - Url
BID http://www.securityfocus.com/bid/99170
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://security.netapp.com/advisory/ntap-20180601-0002/
https://support.apple.com/HT208221
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr...
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr...
https://www.nomachine.com/SU08O00185
DEBIAN http://www.debian.org/security/2017/dsa-3896
GENTOO https://security.gentoo.org/glsa/201710-32
MISC https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679
MLIST https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e8029...
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277...
https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b...
REDHAT https://access.redhat.com/errata/RHSA-2017:2478
https://access.redhat.com/errata/RHSA-2017:2479
https://access.redhat.com/errata/RHSA-2017:2483
https://access.redhat.com/errata/RHSA-2017:3193
https://access.redhat.com/errata/RHSA-2017:3194
https://access.redhat.com/errata/RHSA-2017:3195
https://access.redhat.com/errata/RHSA-2017:3475
https://access.redhat.com/errata/RHSA-2017:3476
https://access.redhat.com/errata/RHSA-2017:3477
SECTRACK http://www.securitytracker.com/id/1038711

Alert History

Date - Information
2019-08-16 12:06:16
  • Multiple Updates
2019-02-07 17:19:10
  • Multiple Updates
2018-06-03 09:19:43
  • Multiple Updates
2018-05-10 09:19:37
  • Multiple Updates
2018-04-18 21:19:26
  • Multiple Updates
2018-04-10 21:19:58
  • Multiple Updates
2018-01-18 21:22:37
  • Multiple Updates
2018-01-05 09:24:25
  • Multiple Updates
2017-12-17 09:21:52
  • Multiple Updates
2017-12-09 13:24:14
  • Multiple Updates
2017-12-02 09:21:48
  • Multiple Updates
2017-11-15 13:25:31
  • Multiple Updates
2017-11-14 09:23:18
  • Multiple Updates
2017-11-04 13:25:25
  • Multiple Updates
2017-11-04 09:24:00
  • Multiple Updates
2017-11-01 13:25:10
  • Multiple Updates
2017-10-31 13:25:29
  • Multiple Updates
2017-10-31 09:22:07
  • Multiple Updates
2017-10-20 13:24:58
  • Multiple Updates
2017-10-20 09:23:04
  • Multiple Updates
2017-10-06 13:25:09
  • Multiple Updates
2017-09-22 13:24:46
  • Multiple Updates
2017-09-21 00:25:13
  • Multiple Updates
2017-09-16 13:25:28
  • Multiple Updates
2017-09-15 13:25:01
  • Multiple Updates
2017-09-09 13:25:47
  • Multiple Updates
2017-08-30 09:20:36
  • Multiple Updates
2017-08-26 13:24:55
  • Multiple Updates
2017-08-23 13:25:04
  • Multiple Updates
2017-08-18 13:24:35
  • Multiple Updates
2017-08-17 13:24:26
  • Multiple Updates
2017-08-05 13:24:36
  • Multiple Updates
2017-07-19 13:24:37
  • Multiple Updates
2017-07-18 13:24:51
  • Multiple Updates
2017-07-14 13:24:51
  • Multiple Updates
2017-07-08 13:24:44
  • Multiple Updates
2017-07-07 09:21:37
  • Multiple Updates
2017-07-04 13:23:43
  • Multiple Updates
2017-06-30 13:24:09
  • Multiple Updates
2017-06-29 21:22:40
  • Multiple Updates
2017-06-28 13:23:48
  • Multiple Updates
2017-06-24 13:23:30
  • Multiple Updates
2017-06-23 13:23:48
  • Multiple Updates
2017-06-23 09:22:49
  • Multiple Updates
2017-06-21 13:23:53
  • Multiple Updates
2017-06-20 09:23:10
  • First insertion