CVE-2017-15710

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
apachehttp_server
2.4.1
apachehttp_server
2.4.2
apachehttp_server
2.4.3
apachehttp_server
2.4.4
apachehttp_server
2.4.6
apachehttp_server
2.4.7
apachehttp_server
2.4.9
apachehttp_server
2.4.10
apachehttp_server
2.4.12
apachehttp_server
2.4.16
apachehttp_server
2.4.17
apachehttp_server
2.4.18
apachehttp_server
2.4.20
apachehttp_server
2.4.23
apachehttp_server
2.4.25
apachehttp_server
2.4.26
apachehttp_server
2.4.27
apachehttp_server
2.4.28
apachehttp_server
2.4.29
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
canonicalubuntu_linux
18.04
netappsantricity_cloud_connector
-
netappstorage_automation_store
-
netappstoragegrid
-
netappclustered_data_ontap
-
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
7.4
redhatenterprise_linux
7.5
redhatenterprise_linux
7.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apache2
bookworm
2.4.62-1~deb12u1
fixed
bookworm (security)
2.4.62-1~deb12u2
fixed
bullseye
2.4.62-1~deb11u1
fixed
bullseye (security)
2.4.62-1~deb11u2
fixed
sid
2.4.62-3
fixed
trixie
2.4.62-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apache2
artful
Fixed 2.4.27-2ubuntu4.1
released
bionic
Fixed 2.4.29-1ubuntu4.1
released
cosmic
Fixed 2.4.29-1ubuntu4.1
released
trusty
Fixed 2.4.7-1ubuntu4.20
released
xenial
Fixed 2.4.18-2ubuntu3.8
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
apache2
suse enterprise sap 12 SP3
2.4.23-29.18.2
fixed
suse enterprise sap 12 SP5
2.4.23-29.43.1
fixed
suse enterprise server 12
2.4.10-14.31.1
fixed
suse enterprise server 12 SP1
2.4.16-20.16.1
fixed
suse enterprise server 12 SP2
2.4.23-29.18.2
fixed
suse enterprise server 12 SP3
2.4.23-29.18.2
fixed
suse enterprise server 12 SP5
2.4.23-29.43.1
fixed
apache2-doc
suse enterprise sap 12 SP3
2.4.23-29.18.2
fixed
suse enterprise sap 12 SP5
2.4.23-29.43.1
fixed
suse enterprise server 12
2.4.10-14.31.1
fixed
suse enterprise server 12 SP1
2.4.16-20.16.1
fixed
suse enterprise server 12 SP2
2.4.23-29.18.2
fixed
suse enterprise server 12 SP3
2.4.23-29.18.2
fixed
suse enterprise server 12 SP5
2.4.23-29.43.1
fixed
apache2-example-pages
suse enterprise sap 12 SP3
2.4.23-29.18.2
fixed
suse enterprise sap 12 SP5
2.4.23-29.43.1
fixed
suse enterprise server 12
2.4.10-14.31.1
fixed
suse enterprise server 12 SP1
2.4.16-20.16.1
fixed
suse enterprise server 12 SP2
2.4.23-29.18.2
fixed
suse enterprise server 12 SP3
2.4.23-29.18.2
fixed
suse enterprise server 12 SP5
2.4.23-29.43.1
fixed
apache2-prefork
suse enterprise sap 12 SP3
2.4.23-29.18.2
fixed
suse enterprise sap 12 SP5
2.4.23-29.43.1
fixed
suse enterprise server 12
2.4.10-14.31.1
fixed
suse enterprise server 12 SP1
2.4.16-20.16.1
fixed
suse enterprise server 12 SP2
2.4.23-29.18.2
fixed
suse enterprise server 12 SP3
2.4.23-29.18.2
fixed
suse enterprise server 12 SP5
2.4.23-29.43.1
fixed
apache2-utils
suse enterprise sap 12 SP3
2.4.23-29.18.2
fixed
suse enterprise sap 12 SP5
2.4.23-29.43.1
fixed
suse enterprise server 12
2.4.10-14.31.1
fixed
suse enterprise server 12 SP1
2.4.16-20.16.1
fixed
suse enterprise server 12 SP2
2.4.23-29.18.2
fixed
suse enterprise server 12 SP3
2.4.23-29.18.2
fixed
suse enterprise server 12 SP5
2.4.23-29.43.1
fixed
apache2-worker
suse enterprise sap 12 SP3
2.4.23-29.18.2
fixed
suse enterprise sap 12 SP5
2.4.23-29.43.1
fixed
suse enterprise server 12
2.4.10-14.31.1
fixed
suse enterprise server 12 SP1
2.4.16-20.16.1
fixed
suse enterprise server 12 SP2
2.4.23-29.18.2
fixed
suse enterprise server 12 SP3
2.4.23-29.18.2
fixed
suse enterprise server 12 SP5
2.4.23-29.43.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
httpd
RHEL 7
0:2.4.6-93.el7
fixed
httpd-devel
RHEL 7
0:2.4.6-93.el7
fixed
httpd-manual
RHEL 7
0:2.4.6-93.el7
fixed
httpd-tools
RHEL 7
0:2.4.6-93.el7
fixed
mod
RHEL 7
1:2.4.6-93.el7
fixed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2018/03/24/8
http://www.securityfocus.com/bid/103512
http://www.securitytracker.com/id/1040569
https://access.redhat.com/errata/RHSA-2018:3558
https://access.redhat.com/errata/RHSA-2019:0366
https://access.redhat.com/errata/RHSA-2019:0367
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html
https://security.netapp.com/advisory/ntap-20180601-0004/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us
https://usn.ubuntu.com/3627-1/
https://usn.ubuntu.com/3627-2/
https://usn.ubuntu.com/3937-2/
https://www.debian.org/security/2018/dsa-4164
https://www.tenable.com/security/tns-2019-09
http://www.openwall.com/lists/oss-security/2018/03/24/8
http://www.securityfocus.com/bid/103512
http://www.securitytracker.com/id/1040569
https://access.redhat.com/errata/RHSA-2018:3558
https://access.redhat.com/errata/RHSA-2019:0366
https://access.redhat.com/errata/RHSA-2019:0367
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html
https://security.netapp.com/advisory/ntap-20180601-0004/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us
https://usn.ubuntu.com/3627-1/
https://usn.ubuntu.com/3627-2/
https://usn.ubuntu.com/3937-2/
https://www.debian.org/security/2018/dsa-4164
https://www.tenable.com/security/tns-2019-09