Request a Demo

Apache – CVE-2017-7659

Description

Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to ‘mod_http2 Null Pointer Dereference’.
CVE-2017-7659 is categorized as a ‘NULL Pointer Dereference’ vulnerability (CWE-476).

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is actually NULL. That, will probably cause a crash or an exit.
NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.

By using a maliciously crafted HTTP/2 request, that could cause mod_http2 in Apache to dereference a NULL pointer, thus crashing the server process.

That, could lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2017-7659, upgrade the version of Apache HTTP Server being used to 2.4.26.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659

https://cwe.mitre.org/data/definitions/476.html

< Return to all Vulnerabilities

Request a Demo

Red Team

You’ve probably heard that there are teams in the Cyber field called Red Team and Blue Team. Let’s talk about the red one, shall we?

Read More »
Facebook Linkedin

WEB APPLICATION VULNERABILITY SCANNER

Links

registered user?

Log in
Facebook Linkedin