Apache – CVE-2017-7659

Description

Kayran has detected that the version of Apache HTTP Server in use is vulnerable to ‘mod_http2 Null Pointer Dereference’.
CVE-2017-7659 is categorized as a ‘NULL Pointer Dereference’ vulnerability (CWE-476).

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid but that is actually NULL. This typically causes a crash or an exit.
NULL pointer dereference issues can arise from a number of flaws, including race conditions and simple programming omissions.

A maliciously crafted HTTP/2 request could cause mod_http2 in Apache to dereference a NULL pointer, crashing the server process.

This could lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2017-7659, upgrade the version of Apache HTTP Server being used to 2.4.26.
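
To confirm whether a host still needs the upgrade, the following added example (not Kayran's or the Apache project's code) parses the output of `httpd -v` and `httpd -M` and reports whether mod_http2 is loaded on a release below 2.4.26. The status words, function names and sample outputs are constructed for illustration, and because this page does not list the affected range, the check conservatively treats every release below the fixed one as needing the upgrade.

```shell
#!/bin/sh
# Added example, not Kayran's or Apache's code. FIXED is the release named in
# the recommendation; the sample banner and module list are constructed.
FIXED="2.4.26"
SAMPLE_BANNER='Server version: Apache/2.4.25 (Unix)'
SAMPLE_MODULES='Loaded Modules:
 core_module (static)
 http2_module (shared)'

# Pull "2.4.25" out of a banner such as "Server version: Apache/2.4.25 (Unix)".
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Succeed when dotted version $1 is lower than $2 (three numeric fields each).
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2                     # now: a1 a2 a3 b1 b2 b3
    IFS=$old_ifs
    if [ "$1" -lt "$4" ]; then return 0; elif [ "$1" -gt "$4" ]; then return 1; fi
    if [ "$2" -lt "$5" ]; then return 0; elif [ "$2" -gt "$5" ]; then return 1; fi
    [ "$3" -lt "$6" ]
}

# $1 = output of `httpd -v`, $2 = output of `httpd -M`; prints one status word.
assess() {
    ver=$(parse_version "$1")
    if [ -z "$ver" ]; then echo "unknown"; return 0; fi
    # The flaw is in mod_http2, so a build without it is not exposed to it.
    if ! printf '%s\n' "$2" | grep -q 'http2_module'; then
        echo "http2-not-loaded"; return 0
    fi
    if version_lt "$ver" "$FIXED"; then
        echo "upgrade-needed"
    else
        echo "at-or-above-fix"
    fi
}

# On a live host (binary name varies by distribution, e.g. apache2ctl):
#   assess "$(httpd -v)" "$(httpd -M 2>/dev/null)"
assess "$SAMPLE_BANNER" "$SAMPLE_MODULES"
```

Distribution packages sometimes backport fixes without changing the upstream version string, so an `upgrade-needed` result on a vendor build should be checked against the vendor's own advisory.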

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659

https://cwe.mitre.org/data/definitions/476.html
