CVE-2017-12613 vulnerability in Apache and Other Products
Published on October 24, 2017

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2017-12613

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2017-12613 are published in these products:

Apache Portable Runtime

Debian Linux

Red Hat Jboss Core Services

Red Hat Jboss Enterprise Web Server

Red Hat Software Collections

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Eus

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Server Tus

Red Hat Enterprise Linux Workstation

Affected Versions

Apache Software Foundation Apache Portable Runtime Version 1.6.2 and prior is affected by CVE-2017-12613

Exploit Probability

EPSS

0.25%

Percentile

47.93%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-12613 vulnerability in Apache and Other ProductsPublished on October 24, 2017

Products Associated with CVE-2017-12613

Affected Versions

Exploit Probability

CVE-2017-12613 vulnerability in Apache and Other Products
Published on October 24, 2017