You are here

Apache HTTP Server Vulnerabilities Related to Version 2.4.26

CVE-2017-7659, CVE-2017-3169, CVE-2017-7679, CVE-2017-7668, CVE-2017-3167
httpd, apache, mod_http2, mod_ssl, mod_mine

The Apache HTTP Server version 2.4.26 fixes 5 vulnerabilities.

Airlock WAF is not affected.


CVE-2017-7679: Buffer overrun related to Content-Type response header parsing in Apache httpd module mod_mime. Airlock WAF is not affected because back-end systems are trusted and do not send malicious Content Type headers. Further, Airlock WAF protected against response header injection attacks.

CVE-2017-7659: Null pointer dereference in Apache httpd module mod_http2. The affected Apache httpd version is not used by Airlock WAF.

CVE-2017-3169: Null pointer dereference in Apache httpd module mod_ssl. Airlock WAF is not affected because the affected function is not used.

CVE-2017-7668: Segmentation fault related to the strict HTTP parsing changes added in Apache httpd version 2.4.25. The affected module versions are not used by Airlock WAF.

CVE-2017-3167: Authentication bypass related to basic authentication. Airlock WAF does not use basic authentication of Apache httpd.



No action is required.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required