CVE-2017-12613
An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.
Find out more about CVE-2017-12613 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
| CVSS3 Base Score | 7.4 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | None |
| Availability Impact | High |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Extended Update Support 6.7 (apr) | RHSA-2018:1253 | 2018-04-26 |
| Red Hat Enterprise Linux Advanced Update Support 6.6 (apr) | RHSA-2018:1253 | 2018-04-26 |
| Red Hat Enterprise Linux Server TUS (v. 6.6) (apr) | RHSA-2018:1253 | 2018-04-26 |
| Red Hat Enterprise Linux 7 (apr) | RHSA-2017:3270 | 2017-11-28 |
| Red Hat JBoss Web Server 3.1 for RHEL 6 | RHSA-2018:0466 | 2018-03-07 |
| Red Hat Enterprise Linux Advanced Update Support 6.4 (apr) | RHSA-2018:1253 | 2018-04-26 |
| Red Hat JBoss Web Server 3.1 for RHEL 7 | RHSA-2018:0466 | 2018-03-07 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 (httpd24-apr) | RHSA-2018:0316 | 2018-02-13 |
| Red Hat Enterprise Linux Advanced Update Support 6.5 (apr) | RHSA-2018:1253 | 2018-04-26 |
| Red Hat Enterprise Linux Extended Update Support 7.3 (apr) | RHSA-2018:1253 | 2018-04-26 |
| Red Hat JBoss Web Server 3.1 | RHSA-2018:0465 | 2018-03-07 |
| Red Hat JBoss Core Services 1 | RHSA-2017:3475 | 2017-12-15 |
| Red Hat Enterprise Linux 6 (apr) | RHSA-2017:3270 | 2017-11-28 |
| Red Hat Enterprise Linux Server TUS (v. 7.2) (apr) | RHSA-2018:1253 | 2018-04-26 |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions 7.2 (apr) | RHSA-2018:1253 | 2018-04-26 |
| Red Hat JBoss Core Services on RHEL 6 Server | RHSA-2017:3477 | 2017-12-15 |
| Red Hat JBoss Core Services on RHEL 7 Server | RHSA-2017:3476 | 2017-12-15 |
| Red Hat Enterprise Linux Advanced Update Support 7.2 (apr) | RHSA-2018:1253 | 2018-04-26 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss Web Server 3.0 | apr | Will not fix |
| Red Hat JBoss EAP 6 | httpd | Affected |
| Red Hat Enterprise Linux 5 | apr | Will not fix |
