CVE-2017-15710

Published Mar 26, 2018

Last updated a year ago

CVSS high 7.5

Overview

Description: In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.
Source: security@apache.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "046487A3-752B-4D0F-8984-96486B828EAB"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89D2E052-51CD-4B57-A8B8-FAE51988D654"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAA27058-BACF-4F94-8E3C-7D38EC302EC1"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FEAB0DF-04A9-4F99-8666-0BADC5D642B8"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7D924D1-8A36-4C43-9E56-52814F9A6350"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39CDFECC-E26D-47E0-976F-6629040B3764"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3ECBCB1-0675-41F5-857B-438F36925F63"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB6CBFBF-74F6-42AF-BC79-AA53EA75F00B"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8717A96B-9DB5-48D6-A2CF-A5E2B26AF3F3"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1F45B27-504B-4202-87B8-BD3B094003F1"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2FB2B98-DFD2-420A-8A7F-9B288651242F"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B803D25B-0A19-4569-BA05-09D58F33917C"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8510442C-212F-4013-85FA-E0AB59F6F2C6"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB5673AB-53BB-40B2-83A7-8B82B2D0EBB8"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBB3ED63-45CA-44AB-973C-9AD2569AD800"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF30AD98-9CBA-456E-A827-79FCEDEB30A1"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C117BF2F-1E5B-4AEC-8770-3153E5B4CD07"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "437BC6D8-D103-452C-9C86-D89FC977A50F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB"
          },
          {
            "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9"
          },
          {
            "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40"
          },
          {
            "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References