High severity7.5NVD Advisory· Published Sep 29, 2017· Updated Jun 17, 2026
CVE-2017-7687
CVE-2017-7687
Description
When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.mesos:mesosMaven | < 1.1.3 | 1.1.3 |
org.apache.mesos:mesosMaven | >= 1.2.0, < 1.2.2 | 1.2.2 |
org.apache.mesos:mesosMaven | >= 1.3.0, < 1.3.1 | 1.3.1 |
Affected products
8cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*range: <=1.1.2
- cpe:2.3:a:apache:mesos:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:mesos:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:mesos:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:mesos:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:mesos:1.4.0-dev:*:*:*:*:*:*:*
- Apache Software Foundation/Apache Mesosv5Range: versions prior to 1.1.3
Patches
Vulnerability mechanics
References
5- www.securityfocus.com/bid/101027nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-x869-784m-jmj2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-7687ghsaADVISORY
- lists.apache.org/thread.html/2c9ed2b07c2b2831a11d21db3cf8408a71fcf2c300d73ca01bad89df@%3Cdev.mesos.apache.org%3EghsaWEB
- lists.apache.org/thread.html/2c9ed2b07c2b2831a11d21db3cf8408a71fcf2c300d73ca01bad89df%40%3Cdev.mesos.apache.org%3Envd
News mentions
0No linked articles in our index yet.