The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 2.2.32 (including) | 2.2.32 (including) |
| Http_server | Apache | 2.4.24 (including) | 2.4.24 (including) |
| Http_server | Apache | 2.4.25 (including) | 2.4.25 (including) |
| Red Hat Enterprise Linux 7 | RedHat | httpd-0:2.4.6-67.el7_4.2 | * |
| Red Hat Enterprise Linux 7.2 Extended Update Support | RedHat | httpd-0:2.4.6-40.el7_2.6 | * |
| Red Hat Enterprise Linux 7.3 Extended Update Support | RedHat | httpd-0:2.4.6-45.el7_3.5 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | httpd24-httpd-0:2.4.25-9.el6.1 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | httpd24-httpd-0:2.4.25-9.el6.1 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | httpd24-httpd-0:2.4.25-9.el7.1 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | RedHat | httpd24-httpd-0:2.4.25-9.el7.1 | * |
| Apache2 | Ubuntu | devel | * |
| Apache2 | Ubuntu | trusty | * |
| Apache2 | Ubuntu | upstream | * |
| Apache2 | Ubuntu | xenial | * |
| Apache2 | Ubuntu | yakkety | * |
| Apache2 | Ubuntu | zesty | * |