Multiple vulnerabilities in Apache httpd

Advisory ID: STORM-2017-003
CVE Number: CVE-2017-3169, CVE-2017-7668, CVE-2017-7679
Date discovered: 07/19/2017
Severity: medium
Advisory revision: v1

Vulnerability details

Multiple vulnerabilities in Apache httpd have been disclosed. These vulnerabilities may affect availability or confidentiality of impacted products.


Stormshield Network Security: SNS does not use Apache httpd.

Stormshield Endpoint Security (medium): The vulnerabilities may prevent installation of agents and may disclose potentially sensitive information.

Stormshield Data Security: SDS does not use Apache httpd.


Under investigation


Netasq does not use Apache httpd.


Version: v1
Date: 08/29/2017
Description: Initial release

Stormshield Endpoint Security

CVSS Overall Score: 6


Impacted version

As used in SES servers, Apache httpd may be impacted by the following vulnerabilities:

  • CVE-2017-3169 – mod_ssl Null Pointer Dereference
  • CVE-2017-7668 – ap_find_token() Buffer Overread
  • CVE-2017-7679 – mod_mime Buffer Overread

These vulnerabilities may allow an attacker to prevent installation of new agents (denial-of-service on httpd by exploiting CVE-2017-3169 or CVE-2017-7668) or retrieve potentially sensitive information (CVE-2017-7679).

  • SES 6.0.28
  • SES 7.2.17

Workaround solution


There is no workaround solution.

The 6.0.29 and 7.2.18 updates fix these vulnerabilities.

Access vector: Network
Access complexity: Low
Authentication: None
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial
CVSS Base score: 7.5
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 5.5
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential: Low
Target Distribution: High [76-100%]
CVSS Environmental score: 6
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C/CDP:L/TD:H)