Multiple vulnerabilities in Apache httpd

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2017-003 CVE-2017-3169 , CVE-2017-7668 , CVE-2017-7679 07/19/2017 medium v1

Vulnerability details

Multiple vulnerabilities in Apache httpd have been disclosed. These vulnerabilities may affect availability or confidentiality of impacted products.

Products

ProductSeverityDetail
Stormshield Network Security

None

SNS does not use Apache httpd.
Stormshield Endpoint Security medium The vulnerabilities may prevent installation of agents and may disclose potentially sensitive information.
Stormshield Data Security

None

SDS does not use Apache httpd.
Fast360

?

Under investigation
Netasq

None

Netasq does not use Apache httpd.

Revisions

Version Date Description
v1  08/29/2017 Initial release


Stormshield Endpoint Security

CVSS Overall Score: 6      

Analysis

Impacted version

As used in SES servers, Apache httpd may be impacted by the following vulnerabilities :

  • CVE-2017-3169 – mod_ssl Null Pointer Dereference
  • CVE-2017-7668 – ap_find_token() Buffer Overread
  • CVE-2017-7679 – mod_mime Buffer Overread

These vulnerabilities may allow an attacker to prevent installation of new agents (denial-of-service on httpd by exploiting CVE-2017-3169 or CVE-2017-7668) or retrieve potentially sensitive information (CVE-2017-7679).

  • SES 6.0.28
  • SES 7.2.17

Workaround solution

Solution

There is no workaround solution.

The 6.0.29 and 7.2.18 updates fix this vulnerability.



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Network Low None Partial Partial Partial
CVSS Base score: 7.5 CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 5.5 CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Collateral Damage Potential Target Distribution
Low High [76-100%]
CVSS Environmental score: 6 CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C/CDP:L/TD:H)