ID CVE-2017-12613
Summary When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:portable_runtime:1.6.2
    cpe:2.3:a:apache:portable_runtime:1.6.2
CVSS
Base: 3.6
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
nessus via4
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0053.NASL
    description An update of [apr,ncurses] packages for PhotonOS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111902
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111902
    title Photon OS 2.0: Apr / Ncurses PHSA-2017-0053 (deprecated)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2018-005.NASL
    description The remote host is running Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - afpserver - AppleGraphicsControl - APR - ATS - CFNetwork - CoreAnimation - CoreCrypto - CoreFoundation - CUPS - Dictionary - dyld - Foundation - Heimdal - Hypervisor - ICU - Intel Graphics Driver - IOGraphics - IOHIDFamily - IOKit - IOUserEthernet - IPSec - Kernel - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - Perl - Ruby - Security - Spotlight - Symptom Framework - WiFi
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118573
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118573
    title macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-005)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-450.NASL
    description This update fixes the following issues : - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-05-11
    plugin id 109719
    published 2018-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109719
    title openSUSE Security Update : libapr1 (openSUSE-2018-450)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1196-1.NASL
    description This update fixes the following issues : - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109679
    published 2018-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109679
    title SUSE SLES12 Security Update : libapr1 (SUSE-SU-2018:1196-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-1_0-0093.NASL
    description An update of 'linux', 'krb5', 'subversion', 'apr', 'ncurses' packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111903
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111903
    title Photon OS 1.0: Apr / Krb5 / Linux / Ncurses / Subversion PHSA-2017-1.0-0093 (deprecated)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-8D2CFC3752.NASL
    description Security fix + version update Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 104603
    published 2017-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104603
    title Fedora 26 : apr (2017-8d2cfc3752)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-3270.NASL
    description An update for apr is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104818
    published 2017-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104818
    title CentOS 6 / 7 : apr (CESA-2017:3270)
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_10_14.NASL
    description The remote host is running a version of Mac OS X that is prior to 10.13.6 or is not macOS 10.14. It is, therefore, affected by multiple vulnerabilities in the following components : - afpserver - AppleGraphicsControl - Application Firewall - App Store - APR - ATS - Auto Unlock - Bluetooth - CFNetwork - CoreFoundation - CoreText - Crash Reporter - CUPS - Dictionary - Grand Central Dispatch - Heimdal - Hypervisor - iBooks - Intel Graphics Driver - IOHIDFamily - IOKit - IOUserEthernet - Kernel - LibreSSL - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - Security - Spotlight - Symptom Framework - Text - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 118178
    published 2018-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118178
    title macOS < 10.14 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3476.NASL
    description An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 105368
    published 2017-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105368
    title RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3476) (Optionsbleed)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-1_0-0093_APR.NASL
    description An update of the apr package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121778
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121778
    title Photon OS 1.0: Apr PHSA-2017-1.0-0093
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1253.NASL
    description An update for apr is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, Red Hat Enterprise Linux 6.7 Extended Update Support, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es) : * apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109391
    published 2018-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109391
    title RHEL 6 / 7 : apr (RHSA-2018:1253)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-928.NASL
    description An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.(CVE-2017-12613)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 105052
    published 2017-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105052
    title Amazon Linux AMI : apr (ALAS-2017-928)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-3270.NASL
    description An update for apr is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 105048
    published 2017-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105048
    title Virtuozzo 7 : apr / apr-devel (VZLSA-2017-3270)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL52319810.NASL
    description When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. (CVE-2017-12613) Impact This vulnerability may allow unauthorized information disclosure or denial of service.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 118678
    published 2018-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118678
    title F5 Networks BIG-IP : Apache Portable Runtime vulnerability (K52319810)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0053_APR.NASL
    description An update of the apr package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121776
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121776
    title Photon OS 2.0: Apr PHSA-2017-0053
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1162.NASL
    description It was discovered that there was an out-of-bounds memory vulnerability in apr, a support/portability library for various applications. When the apr_exp_time*() or apr_os_exp_time*() functions were invoked with an invalid month field value, out of bounds memory may have been be accessed when converting this value to an apr_time_exp_t value. This could have potentially revealed the contents of a different static heap value or resulted in program termination. For Debian 7 'Wheezy', this issue has been fixed in apr version 1.4.6-3+deb7u2. We recommend that you upgrade your apr packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 104412
    published 2017-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104412
    title Debian DLA-1162-1 : apr security update
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD_10_13_6_2018-002.NASL
    description The remote host is running macOS 10.13.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - fpserver - AppleGraphicsControl - APR - ATS - CFNetwork - CoreAnimation - CoreCrypto - CoreFoundation - CUPS - Dictionary - dyld - EFI - Foundation - Grand Central Dispatch - Heimdal - Hypervisor - ICU - Intel Graphics Driver - IOGraphics - IOHIDFamily - IOKit - IOUserEthernet - IPSec - Kernel - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - NetworkExtension - Security - Spotlight - Symptom Framework - WiFi
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 118575
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118575
    title macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-3270.NASL
    description From Red Hat Security Advisory 2017:3270 : An update for apr is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 104838
    published 2017-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104838
    title Oracle Linux 6 / 7 : apr (ELSA-2017-3270)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0466.NASL
    description An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613) * tomcat: Remote Code Execution via JSP Upload (CVE-2017-12615) * tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616) * tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617) * tomcat-native: Mishandling of client certificates can allow for OCSP check bypass (CVE-2017-15698) * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304) * tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 107208
    published 2018-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107208
    title RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 2 (RHSA-2018:0466)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3270.NASL
    description An update for apr is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104842
    published 2017-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104842
    title RHEL 6 / 7 : apr (RHSA-2017:3270)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1322-1.NASL
    description This update fixes the following issues : - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109889
    published 2018-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109889
    title SUSE SLES11 Security Update : libapr1 (SUSE-SU-2018:1322-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1303.NASL
    description According to the version of the apr packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.(CVE-2017-12613) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 104921
    published 2017-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104921
    title EulerOS 2.0 SP1 : apr (EulerOS-SA-2017-1303)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3477.NASL
    description An update is now available for JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 105369
    published 2017-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105369
    title RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3477) (Optionsbleed)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1304.NASL
    description According to the version of the apr packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.(CVE-2017-12613) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 104922
    published 2017-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104922
    title EulerOS 2.0 SP2 : apr (EulerOS-SA-2017-1304)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-48368DE8C9.NASL
    description Security fix + version update Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 105866
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105866
    title Fedora 27 : apr (2017-48368de8c9)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20171129_APR_ON_SL6_X.NASL
    description Security Fix(es) : - An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 104866
    published 2017-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104866
    title Scientific Linux Security Update : apr on SL6.x, SL7.x i386/x86_64
redhat via4
advisories
  • bugzilla
    id 1506523
    title CVE-2017-12613 apr: Out-of-bounds array deref in apr_time_exp*() functions
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment apr is earlier than 0:1.3.9-5.el6_9.1
            oval oval:com.redhat.rhsa:tst:20173270005
          • comment apr is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110507018
        • AND
          • comment apr-devel is earlier than 0:1.3.9-5.el6_9.1
            oval oval:com.redhat.rhsa:tst:20173270007
          • comment apr-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110507020
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhsa:tst:20140675001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhsa:tst:20140675002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20140675003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20140675004
      • OR
        • AND
          • comment apr is earlier than 0:1.4.8-3.el7_4.1
            oval oval:com.redhat.rhsa:tst:20173270014
          • comment apr is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110507018
        • AND
          • comment apr-devel is earlier than 0:1.4.8-3.el7_4.1
            oval oval:com.redhat.rhsa:tst:20173270013
          • comment apr-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110507020
    rhsa
    id RHSA-2017:3270
    released 2017-11-28
    severity Important
    title RHSA-2017:3270: apr security update (Important)
  • rhsa
    id RHSA-2017:3475
  • rhsa
    id RHSA-2017:3476
  • rhsa
    id RHSA-2017:3477
  • rhsa
    id RHSA-2018:0316
  • rhsa
    id RHSA-2018:0465
  • rhsa
    id RHSA-2018:0466
  • rhsa
    id RHSA-2018:1253
rpms
  • apr-0:1.3.9-5.el6_9.1
  • apr-devel-0:1.3.9-5.el6_9.1
  • apr-0:1.4.8-3.el7_4.1
  • apr-devel-0:1.4.8-3.el7_4.1
refmap via4
bid 101560
confirm
mlist
  • [announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released
  • [debian-lts-announce] 20171106 [SECURITY] [DLA 1162-1] apr security update
sectrack 1042004
Last major update 23-10-2017 - 21:29
Published 23-10-2017 - 21:29
Last modified 31-10-2018 - 06:29
Back to Top