Apache HTTP Server Vulnerabilities Related to Version 2.4.26

IDs: 
CVE-2017-7659, CVE-2017-3169, CVE-2017-7679, CVE-2017-7668, CVE-2017-3167
Keywords: 
httpd, apache, mod_http2, mod_ssl, mod_mime
Description: 

The Apache HTTP Server version 2.4.26 fixes 5 vulnerabilities.

Airlock WAF is not affected.

Details

CVE-2017-7679: Buffer overrun related to Content-Type response header parsing in Apache httpd module mod_mime. Airlock WAF is not affected because back-end systems are trusted and do not send malicious Content-Type headers. Furthermore, Airlock WAF protects against response header injection attacks.

CVE-2017-7659: Null pointer dereference in Apache httpd module mod_http2. The affected Apache httpd version is not used by Airlock WAF.

CVE-2017-3169: Null pointer dereference in Apache httpd module mod_ssl. Airlock WAF is not affected because the affected function is not used.

CVE-2017-7668: Segmentation fault related to the strict HTTP parsing changes added in Apache httpd version 2.4.25. The affected module versions are not used by Airlock WAF.

CVE-2017-3167: Authentication bypass related to basic authentication. Airlock WAF does not use basic authentication of Apache httpd.

Resolution: 

No action is required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required