Vulnerability CVE-2017-9798
Published: 2017-09-18

Description:
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Apache HTTPd 2.4.27 OPTIONS Memory Leak
Hanno Böck
19.09.2017

Type:

CWE-416

 (Use After Free)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Debian -> Debian linux 
Apache -> Http server 

 References:
http://openwall.com/lists/oss-security/2017/09/18/2
http://www.debian.org/security/2017/dsa-3980
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/100872
http://www.securityfocus.com/bid/105598
http://www.securitytracker.com/id/1039387
https://access.redhat.com/errata/RHSA-2017:2882
https://access.redhat.com/errata/RHSA-2017:2972
https://access.redhat.com/errata/RHSA-2017:3018
https://access.redhat.com/errata/RHSA-2017:3113
https://access.redhat.com/errata/RHSA-2017:3114
https://access.redhat.com/errata/RHSA-2017:3193
https://access.redhat.com/errata/RHSA-2017:3194
https://access.redhat.com/errata/RHSA-2017:3195
https://access.redhat.com/errata/RHSA-2017:3239
https://access.redhat.com/errata/RHSA-2017:3240
https://access.redhat.com/errata/RHSA-2017:3475
https://access.redhat.com/errata/RHSA-2017:3476
https://access.redhat.com/errata/RHSA-2017:3477
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9
https://github.com/hannob/optionsbleed
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798
https://security-tracker.debian.org/tracker/CVE-2017-9798
https://security.gentoo.org/glsa/201710-32
https://security.netapp.com/advisory/ntap-20180601-0003/
https://support.apple.com/HT208331
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
https://www.exploit-db.com/exploits/42745/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Copyright 2024, cxsecurity.com

 

Back to Top