Analyst readout for executives and security teams
Plain-English summary
This CVE affects older Apache HTTP Server deployments using LDAP authentication with a specific charset configuration. A malformed language header can cause a tiny memory write outside the expected buffer. The likely impact is none or, in uncommon cases, a process crash causing denial of service.
Executive priority
Treat this as a maintenance-priority denial-of-service issue, not an emergency, unless exposed critical services match the vulnerable LDAP configuration. Patch during the next controlled update window, with faster handling for internet-facing authentication infrastructure.
Technical view
Apache httpd mod_authnz_ldap uses Accept-Language to select charset conversion when AuthLDAPCharsetConfig is enabled. For affected versions, very short header values can trigger an out-of-bounds NUL byte write during fallback handling. Sources characterize crash impact as unlikely and do not indicate code execution.
Likely exposure
Exposure is limited to Apache HTTP Server 2.0.23-2.0.65, 2.2.0-2.2.34, and 2.4.0-2.4.29 using mod_authnz_ldap with AuthLDAPCharsetConfig. Systems without that module or configuration are not described as affected.
Exploitation context
The bundle does not show known active exploitation, and KEV is false. The plausible abuse case is denial of service against exposed LDAP-authenticated Apache paths, but the CVE description says a crash is quite unlikely and no effect is more likely.
Researcher notes
The key condition is configuration-dependent: mod_authnz_ldap plus AuthLDAPCharsetConfig. The write is one NUL byte outside the string, with sources describing crash as unlikely. Evidence in the bundle does not support active exploitation or remote code execution claims.
Mitigation direction
- Upgrade Apache httpd or vendor packages to versions containing the security fix.
- Prioritize internet-facing servers using LDAP authentication and AuthLDAPCharsetConfig.
- Check operating system advisories from Ubuntu, Debian, Red Hat, and relevant appliance vendors.
- If immediate upgrade is blocked, review vendor guidance for configuration-level workarounds.
Validation and detection
- Inventory Apache httpd versions across servers and appliances.
- Check whether mod_authnz_ldap is enabled on affected hosts.
- Review Apache configuration for AuthLDAPCharsetConfig usage.
- Confirm vendor package changelogs reference CVE-2017-15710 remediation.
- Verify public authentication routes are mapped to patched hosts.
Public sources used
Based on public source material and reviewed before publication.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2017-15710 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- USN-3627-1CVE reference · vendor-advisory, x_refsource_UBUNTU
- 103512CVE reference · vdb-entry, x_refsource_BID
- DSA-4164CVE reference · vendor-advisory, x_refsource_DEBIAN
- https://security.netapp.com/advisory/ntap-20180601-0004/CVE reference · x_refsource_CONFIRM
- RHSA-2018:3558CVE reference · vendor-advisory, x_refsource_REDHAT
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_usCVE reference · x_refsource_CONFIRM
- RHSA-2019:0367CVE reference · vendor-advisory, x_refsource_REDHAT
- USN-3627-2CVE reference · vendor-advisory, x_refsource_UBUNTU
- [oss-security] 20180323 CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language valuesCVE reference · mailing-list, x_refsource_MLIST
- 1040569CVE reference · vdb-entry, x_refsource_SECTRACK
- https://httpd.apache.org/security/vulnerabilities_24.htmlCVE reference · x_refsource_CONFIRM
- [debian-lts-announce] 20180530 [SECURITY] [DLA 1389-1] apache2 security updateCVE reference · mailing-list, x_refsource_MLIST
- RHSA-2019:0366CVE reference · vendor-advisory, x_refsource_REDHAT
- USN-3937-2CVE reference · vendor-advisory, x_refsource_UBUNTU
- [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlCVE reference · mailing-list, x_refsource_MLIST
- [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlCVE reference · mailing-list, x_refsource_MLIST
- https://www.tenable.com/security/tns-2019-09CVE reference · x_refsource_CONFIRM
- [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlCVE reference · mailing-list, x_refsource_MLIST
- [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlCVE reference · mailing-list, x_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE reference · mailing-list, x_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/CVE reference · mailing-list, x_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlCVE reference · mailing-list, x_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/CVE reference · mailing-list, x_refsource_MLIST
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
