ID CVE-2017-9789
Summary When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.4.26
    cpe:2.3:a:apache:http_server:2.4.26
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-416
CAPEC
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201710-32.NASL
    description The remote host is affected by the vulnerability described in GLSA-201710-32 (Apache: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details. Impact : The Optionsbleed vulnerability can leak arbitrary memory from the server process that may contain secrets. Additionally attackers may cause a Denial of Service condition, bypass authentication, or cause information loss. Workaround : There is no known workaround at this time.
    last seen 2018-01-27
    modified 2018-01-26
    plugin id 104233
    published 2017-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104233
    title GLSA-201710-32 : Apache: Multiple vulnerabilities (Optionsbleed)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_457CE01567FA11E7867FB499BAEBFEAF.NASL
    description The Apache httpd project reports : important: Read after free in mod_http2 (CVE-2017-9789) When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. important: Uninitialized memory reflection in mod_auth_digest (CVE-2017-9788) The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 101540
    published 2017-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101540
    title FreeBSD : Apache httpd -- multiple vulnerabilities (457ce015-67fa-11e7-867f-b499baebfeaf)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-194-01.NASL
    description New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2018-01-27
    modified 2018-01-26
    plugin id 101532
    published 2017-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101532
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-194-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0261-1.NASL
    description This update for apache2 fixes several issues. These security issues were fixed : - CVE-2017-9789: When under stress (closing many connections) the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour (bsc#1048575). - CVE-2017-7659: A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process (bsc#1045160). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-01-31
    modified 2018-01-30
    plugin id 106471
    published 2018-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106471
    title SUSE SLES12 Security Update : Recommended update for apache2 (SUSE-SU-2018:0261-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-104.NASL
    description This update for apache2 fixes several issues. These security issues were fixed : - CVE-2017-9789: When under stress (closing many connections) the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour (bsc#1048575). - CVE-2017-7659: A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process (bsc#1045160). These non-security issues were fixed : - Use the full path to a2enmod and a2dismod in the apache-22-24-upgrade script (bsc#1042037) - Fall back to 'localhost' as hostname in gensslcert (bsc#1057406) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 106523
    published 2018-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106523
    title openSUSE Security Update : apache2 (openSUSE-2018-104)
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_10_13.NASL
    description The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - AppSandbox - AppleScript - Application Firewall - ATS - Audio - CFNetwork - CFNetwork Proxies - CFString - Captive Network Assistant - CoreAudio - CoreText - DesktopServices - Directory Utility - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - IOFireWireFamily - ImageIO - Installer - Kernel - kext tools - libarchive - libc - libexpat - Mail - Mail Drafts - ntp - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - SQLite - Sandbox - Screen Lock - Security - Spotlight - WebKit - zlib Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2017-12-11
    modified 2017-12-11
    plugin id 103598
    published 2017-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103598
    title macOS < 10.13 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2017-004.NASL
    description The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities affecting the following components : - 802.1X - apache - AppleScript - ATS - Audio - CFString - CoreText - curl - Dictionary Widget - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - ImageIO - Kernel - libarchive - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - Sandbox - StreamingZip - tcpdump - Wi-Fi
    last seen 2017-12-21
    modified 2017-12-21
    plugin id 104379
    published 2017-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104379
    title macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)
  • NASL family Web Servers
    NASL id APACHE_2_4_27.NASL
    description According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.27. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in httpd due to a failure to initialize or reset the value placeholder in [Proxy-]Authorization headers of type 'Digest' before or between successive key=value assignments by mod_auth_digest. An unauthenticated, remote attacker can exploit this, by providing an initial key with no '=' assignment, to disclose sensitive information or cause a denial of service condition. (CVE-2017-9788) - A read-after-free error exists in httpd that is triggered when closing a large number of connections. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-9789) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-03-30
    modified 2018-03-29
    plugin id 101788
    published 2017-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101788
    title Apache 2.4.x < 2.4.27 Multiple Vulnerabilities
refmap via4
bid 99568
confirm
gentoo GLSA-201710-32
mlist [announce] 20170713 CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2
sectrack 1038907
Last major update 13-07-2017 - 12:29
Published 13-07-2017 - 12:29
Last modified 13-11-2017 - 21:29