7.5

CVE-2017-9798

Exploit
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version <= 2.2.34
ApacheHTTP Server Version2.4.0
ApacheHTTP Server Version2.4.1
ApacheHTTP Server Version2.4.2
ApacheHTTP Server Version2.4.3
ApacheHTTP Server Version2.4.4
ApacheHTTP Server Version2.4.6
ApacheHTTP Server Version2.4.7
ApacheHTTP Server Version2.4.9
ApacheHTTP Server Version2.4.10
ApacheHTTP Server Version2.4.12
ApacheHTTP Server Version2.4.16
ApacheHTTP Server Version2.4.17
ApacheHTTP Server Version2.4.18
ApacheHTTP Server Version2.4.20
ApacheHTTP Server Version2.4.23
ApacheHTTP Server Version2.4.25
ApacheHTTP Server Version2.4.26
ApacheHTTP Server Version2.4.27
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 95% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch
Third Party Advisory
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Patch
Third Party Advisory
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3113
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3114
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3239
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3240
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3193
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3194
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3195
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3475
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3476
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3477
Third Party Advisory
https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E
https://security.gentoo.org/glsa/201710-32
Third Party Advisory
https://www.tenable.com/security/tns-2019-09
Third Party Advisory
https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E
https://support.apple.com/HT208331
Third Party Advisory
http://openwall.com/lists/oss-security/2017/09/18/2
VDB Entry
Mailing List
http://www.debian.org/security/2017/dsa-3980
Third Party Advisory
http://www.securityfocus.com/bid/100872
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/105598
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039387
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2882
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2972
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3018
Third Party Advisory
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
Patch
Third Party Advisory
Exploit
Technical Description
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
Patch
Third Party Advisory
Exploit
Technical Description
https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a
Patch
Vendor Advisory
https://github.com/hannob/optionsbleed
Third Party Advisory
Exploit
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798
Vendor Advisory
https://security-tracker.debian.org/tracker/CVE-2017-9798
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180601-0003/
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us
Third Party Advisory
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
Vendor Advisory
https://www.exploit-db.com/exploits/42745/
Third Party Advisory
Exploit
VDB Entry
http://seclists.org/fulldisclosure/2024/Sep/22