Search for vulnerabilities
Vulnerability details: VCID-yk57-n7zf-hbah
Vulnerability ID VCID-yk57-n7zf-hbah
Aliases CVE-2017-7668
Summary The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-122 Heap-based Buffer Overflow
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json
epss 0.17437 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.17437 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.17437 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.53245 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.53245 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.53245 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.53245 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.53245 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.53245 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.59296 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.59296 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.61275 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.61275 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.61275 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.61275 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.61275 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.61275 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.61275 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.61275 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.61275 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
epss 0.61275 https://api.first.org/data/v1/epss?cve=CVE-2017-7668
apache_httpd important https://httpd.apache.org/security/json/CVE-2017-7668.json
archlinux High https://security.archlinux.org/AVG-316
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json
https://api.first.org/data/v1/epss?cve=CVE-2017-7668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679
1463205 https://bugzilla.redhat.com/show_bug.cgi?id=1463205
ASA-201706-34 https://security.archlinux.org/ASA-201706-34
AVG-316 https://security.archlinux.org/AVG-316
CVE-2017-7668 https://httpd.apache.org/security/json/CVE-2017-7668.json
RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2479
RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:2483
RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3193
RHSA-2017:3194 https://access.redhat.com/errata/RHSA-2017:3194
USN-3340-1 https://usn.ubuntu.com/3340-1/
USN-3373-1 https://usn.ubuntu.com/3373-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.94838
EPSS Score 0.17437
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:29:03.331344+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2017-7668.json 37.0.0