CVE-2017-9798
Description
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
CWE
- (none)
Affected
- Apache Software Foundation / Apache HTTP Server — versions through 2.2.34 and 2.4.x through 2.4.27 [affected]
CVSS
- (none)
References
- https://access.redhat.com/errata/RHSA-2017:3113 vendor-advisory, x_refsource_REDHAT
- http://www.securityfocus.com/bid/100872 vdb-entry, x_refsource_BID
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html x_refsource_CONFIRM
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html x_refsource_CONFIRM
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html x_refsource_CONFIRM
- https://access.redhat.com/errata/RHSA-2017:2882 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2017:2972 vendor-advisory, x_refsource_REDHAT
- https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch x_refsource_MISC
- https://support.apple.com/HT208331 x_refsource_CONFIRM
- http://www.securitytracker.com/id/1039387 vdb-entry, x_refsource_SECTRACK
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us x_refsource_CONFIRM
- https://access.redhat.com/errata/RHSA-2017:3475 vendor-advisory, x_refsource_REDHAT
- https://github.com/hannob/optionsbleed x_refsource_MISC
- https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch x_refsource_MISC
- https://access.redhat.com/errata/RHSA-2017:3240 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2017:3195 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2017:3018 vendor-advisory, x_refsource_REDHAT
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html x_refsource_CONFIRM
- https://access.redhat.com/errata/RHSA-2017:3239 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2017:3476 vendor-advisory, x_refsource_REDHAT
- http://www.securityfocus.com/bid/105598 vdb-entry, x_refsource_BID
- https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798 x_refsource_CONFIRM
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html x_refsource_CONFIRM
- https://access.redhat.com/errata/RHSA-2017:3114 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2017:3477 vendor-advisory, x_refsource_REDHAT
- http://openwall.com/lists/oss-security/2017/09/18/2 x_refsource_MISC
- https://security.netapp.com/advisory/ntap-20180601-0003/ x_refsource_CONFIRM
- https://access.redhat.com/errata/RHSA-2017:3194 vendor-advisory, x_refsource_REDHAT
- https://security-tracker.debian.org/tracker/CVE-2017-9798 x_refsource_MISC
- https://access.redhat.com/errata/RHSA-2017:3193 vendor-advisory, x_refsource_REDHAT
- http://www.debian.org/security/2017/dsa-3980 vendor-advisory, x_refsource_DEBIAN
- https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html x_refsource_MISC
- https://www.exploit-db.com/exploits/42745/ exploit, x_refsource_EXPLOIT-DB
- https://security.gentoo.org/glsa/201710-32 vendor-advisory, x_refsource_GENTOO
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html x_refsource_MISC
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://www.tenable.com/security/tns-2019-09 x_refsource_CONFIRM
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a x_refsource_MISC
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
Source
cvelistV5-main/cves/2017/9xxx/CVE-2017-9798.json