9.1

CVE-2017-9788

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version <= 2.2.33
ApacheHTTP Server Version >= 2.4.0 <= 2.4.26
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
ApplemacOS X Version < 10.13.1
NetappOncommand Unified Manager Version- SwPlatform7-mode
RedhatJboss Core Services Version1.0
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
RedhatJboss Enterprise Application Platform Version6.0.0
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
RedhatJboss Enterprise Application Platform Version6.4.0
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
RedhatJboss Enterprise Web Server Version2.0.0
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
OracleSecure Global Desktop Version5.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 56.77% 0.989
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Patch
Third Party Advisory
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://access.redhat.com/errata/RHSA-2017:2708
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2709
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2710
Third Party Advisory
https://support.apple.com/HT208221
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3113
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3114
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3239
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3240
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2478
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2479
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2483
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3193
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3194
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3195
Third Party Advisory
https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E
https://security.gentoo.org/glsa/201710-32
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us
Third Party Advisory
https://www.tenable.com/security/tns-2019-09
https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E
http://www.debian.org/security/2017/dsa-3913
Third Party Advisory
http://www.securityfocus.com/bid/99569
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038906
Third Party Advisory
VDB Entry
https://httpd.apache.org/security/vulnerabilities_22.html
Vendor Advisory
https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E
https://security.netapp.com/advisory/ntap-20170911-0002/
Third Party Advisory