Description
Cytrix has detected that the Version of Apache HTTP Server being used has a ap_find_token() Buffer Overread.
CVE-2017-7668 is categorized as an ‘Out-of-bounds Read’ vulnerability (CWE-125).
That means that the software reads data past the end, or before the beginning, of the intended buffer.
The HTTP strict parsing changes added in your version of Apache introduced a bug in token list parsing. That bug allows ap_find_token() to search past the end of its input string.
By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return a wrong value.
There’s a chance that it will cause a decrease in performance and also for interruptions in the availability of resources.
This could also allow attackers to read sensitive information from other memory locations or cause a crash.
Recommendation
To fix CVE-2017-7668, upgrade the version of Apache HTTP Server being used to either 2.2.34 or 2.4.26.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668
