LiveActive security incident?Get immediate response
CVE Record

CVE-2017-15710: In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with...

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's Takelow

Analyst readout for executives and security teams

Plain-English summary

This CVE affects older Apache HTTP Server deployments using LDAP authentication with a specific charset configuration. A malformed language header can cause a tiny memory write outside the expected buffer. The likely impact is none or, in uncommon cases, a process crash causing denial of service.

Executive priority

Treat this as a maintenance-priority denial-of-service issue, not an emergency, unless exposed critical services match the vulnerable LDAP configuration. Patch during the next controlled update window, with faster handling for internet-facing authentication infrastructure.

Technical view

Apache httpd mod_authnz_ldap uses Accept-Language to select charset conversion when AuthLDAPCharsetConfig is enabled. For affected versions, very short header values can trigger an out-of-bounds NUL byte write during fallback handling. Sources characterize crash impact as unlikely and do not indicate code execution.

Likely exposure

Exposure is limited to Apache HTTP Server 2.0.23-2.0.65, 2.2.0-2.2.34, and 2.4.0-2.4.29 using mod_authnz_ldap with AuthLDAPCharsetConfig. Systems without that module or configuration are not described as affected.

Exploitation context

The bundle does not show known active exploitation, and KEV is false. The plausible abuse case is denial of service against exposed LDAP-authenticated Apache paths, but the CVE description says a crash is quite unlikely and no effect is more likely.

Researcher notes

The key condition is configuration-dependent: mod_authnz_ldap plus AuthLDAPCharsetConfig. The write is one NUL byte outside the string, with sources describing crash as unlikely. Evidence in the bundle does not support active exploitation or remote code execution claims.

Mitigation direction

  • Upgrade Apache httpd or vendor packages to versions containing the security fix.
  • Prioritize internet-facing servers using LDAP authentication and AuthLDAPCharsetConfig.
  • Check operating system advisories from Ubuntu, Debian, Red Hat, and relevant appliance vendors.
  • If immediate upgrade is blocked, review vendor guidance for configuration-level workarounds.

Validation and detection

  • Inventory Apache httpd versions across servers and appliances.
  • Check whether mod_authnz_ldap is enabled on affected hosts.
  • Review Apache configuration for AuthLDAPCharsetConfig usage.
  • Confirm vendor package changelogs reference CVE-2017-15710 remediation.
  • Verify public authentication routes are mapped to patched hosts.
Prepared
Confidence
high
Sources
8

Based on public source material and reviewed before publication.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2017-15710 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
28Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
Apache Software FoundationApache HTTP Server2.0.23 to 2.0.65, 2.2.0 to 2.2.34, 2.4.0 to 2.4.29Listed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.