CVE-2017-7679

CRITICAL

Apache httpd <2.2.33, <2.4.26 - Buffer Overflow

Title source: llm

Description

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

Exploits (4)

nomisec WORKING POC 1 stars

by Al-Lord0x · poc

https://github.com/Al-Lord0x/CVE-2017-7679

View Code ZIP pw:eip

github WORKING POC 1 stars

by vaishakhcv · perlpoc

https://github.com/vaishakhcv/CVE-exploits/tree/master/CVE-2017-7679

View Code ZIP pw:eip

nomisec

by snknritr · poc

https://github.com/snknritr/CVE-2017-7679-in-python

View on nomisec

github WORKING POC

by winterwolf32 · perlpoc

https://github.com/winterwolf32/CVE_Exploits-/tree/master/CVE-2017-7679

View Code ZIP pw:eip

References (40)

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3896

[Patch, Third Party Advisory] http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99170

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038711

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:2478

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:2479

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:2483

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3193

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3194

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3195

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3475

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3476

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3477

[Exploit, Third Party Advisory] https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679

[Third Party Advisory] https://security.gentoo.org/glsa/201710-32

[Third Party Advisory] https://support.apple.com/HT208221

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us

[Mitigation, Third Party Advisory] https://www.nomachine.com/SU08O00185

[Third Party Advisory] https://www.tenable.com/security/tns-2019-09

... and 20 more

Scores

CVSS v3 9.8

EPSS 0.4124

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-119 CWE-126

Status draft

Affected Products (1)

apache/http_server < 2.2.33

Timeline

Published Jun 20, 2017

Tracked Since Feb 18, 2026