Cve-2017-7668

Fuzzing Apache httpd server with American Fuzzy Lop + persistent mode

20 June 2017 ~8 min By Javier Jimenez

Apache Server Cve Fuzzing Httpd Afl Cve-2017-7668

Intro Recently, I reported CVE-2017-7668 (Apache Server buffer-over-read). This is a cross-post from my personal blog where I explain how to fuzz network programs with AFL by porting techniques learned in honggfuzz into AFL. After a small chat with Dominic he asked me to re-post it here which, for me it’s an honour to do so! The reported CVE was obtained with code analysis and instrumentation of the right parts of the code (mainly core and parsing) – First, with honggfuzz I got the initial dirty test cases and then, through radamsa generated a few thousands mutations and finally AFL with the technique described here.

Apache Server
Cve
Fuzzing
Httpd
Afl
Cve-2017-7668

Page 1 of 1