Apache – CVE-2017-7659

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to ‘mod_http2 Null Pointer Dereference’.
CVE-2017-7659 is categorized as a ‘NULL Pointer Dereference’ vulnerability (CWE-476).

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid but that is actually NULL. This will probably cause a crash or an exit.
NULL pointer dereference issues can occur through a number of flaws, including race conditions and simple programming omissions.

A maliciously crafted HTTP/2 request could cause mod_http2 in Apache to dereference a NULL pointer, thus crashing the server process.

That could lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2017-7659, upgrade the version of Apache HTTP Server being used to 2.4.26.
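
To check a host against this recommendation, the following added example (not Kayran's or the Apache project's code) compares the version reported by `httpd -v` with 2.4.26 and, because the flaw is in mod_http2, also reports whether that module is loaded. The function names and verdict strings are hypothetical, the sample input is constructed, and treating every version below 2.4.26 as needing the upgrade is an assumption drawn from the recommendation above.

```shell
#!/bin/sh
# Added example: triage a host against the fix version named on this page.
FIXED_VERSION="2.4.26"   # from the Recommendation above

# Pull "x.y.z" out of `httpd -v` output ("Server version: Apache/2.4.25 (Unix)").
parse_httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Succeed (exit 0) only if version $1 is strictly lower than $2.
# Fields are compared as numbers, so 2.4.9 sorts below 2.4.26.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Succeed if `httpd -M` output lists mod_http2 as loaded.
has_http2_module() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*http2_module[[:space:]]'
}

# Print one verdict: unknown | patched | upgrade-required | below-fixed-http2-not-loaded
assess_cve_2017_7659() {
    ver=$(parse_httpd_version "$1")
    if [ -z "$ver" ]; then echo "unknown"; return 0; fi
    if ! version_lt "$ver" "$FIXED_VERSION"; then echo "patched"; return 0; fi
    if has_http2_module "$2"; then
        echo "upgrade-required"
    else
        echo "below-fixed-http2-not-loaded"
    fi
}

# Constructed sample input, not captured from a real server. On a host, pass
# "$(httpd -v)" and "$(httpd -M 2>/dev/null)" instead (apache2ctl on Debian).
SAMPLE_V='Server version: Apache/2.4.25 (Unix)
Server built:   Jan  1 2017 00:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 http2_module (shared)'
assess_cve_2017_7659 "$SAMPLE_V" "$SAMPLE_M"
```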

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659

https://cwe.mitre.org/data/definitions/476.html
