ID CVE-2017-9798
Summary Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.2.34
    cpe:2.3:a:apache:http_server:2.2.34
  • Apache Software Foundation Apache HTTP Server 2.4.0
    cpe:2.3:a:apache:http_server:2.4.0
  • Apache Software Foundation Apache HTTP Server 2.4.1
    cpe:2.3:a:apache:http_server:2.4.1
  • Apache Software Foundation Apache HTTP Server 2.4.2
    cpe:2.3:a:apache:http_server:2.4.2
  • Apache Software Foundation Apache HTTP Server 2.4.3
    cpe:2.3:a:apache:http_server:2.4.3
  • Apache Software Foundation Apache HTTP Server 2.4.4
    cpe:2.3:a:apache:http_server:2.4.4
  • Apache Software Foundation Apache HTTP Server 2.4.6
    cpe:2.3:a:apache:http_server:2.4.6
  • Apache Software Foundation Apache HTTP Server 2.4.7
    cpe:2.3:a:apache:http_server:2.4.7
  • Apache Software Foundation Apache HTTP Server 2.4.9
    cpe:2.3:a:apache:http_server:2.4.9
  • Apache Software Foundation Apache HTTP Server 2.4.10
    cpe:2.3:a:apache:http_server:2.4.10
  • Apache Software Foundation Apache HTTP Server 2.4.12
    cpe:2.3:a:apache:http_server:2.4.12
  • Apache Software Foundation Apache HTTP Server 2.4.16
    cpe:2.3:a:apache:http_server:2.4.16
  • Apache Software Foundation Apache HTTP Server 2.4.17
    cpe:2.3:a:apache:http_server:2.4.17
  • Apache Software Foundation Apache HTTP Server 2.4.18
    cpe:2.3:a:apache:http_server:2.4.18
  • Apache Software Foundation HTTP Server 2.4.20
    cpe:2.3:a:apache:http_server:2.4.20
  • Apache Software Foundation HTTP Server 2.4.23
    cpe:2.3:a:apache:http_server:2.4.23
  • Apache Software Foundation Apache HTTP Server 2.4.25
    cpe:2.3:a:apache:http_server:2.4.25
  • Apache Software Foundation Apache HTTP Server 2.4.26
    cpe:2.3:a:apache:http_server:2.4.26
  • Apache Software Foundation Apache HTTP Server 2.4.27
    cpe:2.3:a:apache:http_server:2.4.27
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-416
CAPEC
exploit-db via4
description Apache - HTTP OPTIONS Memory Leak. CVE-2017-9798. Webapps exploit for Linux platform
file exploits/linux/webapps/42745.py
id EDB-ID:42745
last seen 2017-09-18
modified 2017-09-18
platform linux
port
published 2017-09-18
reporter Exploit-DB
source https://www.exploit-db.com/download/42745/
title Apache - HTTP OPTIONS Memory Leak
type webapps
metasploit via4
description This module scans for the Apache optionsbleed vulnerability where the Allow response header returned from an OPTIONS request may bleed memory if the server has a .htaccess file with an invalid Limit method defined.
id MSF:AUXILIARY/SCANNER/HTTP/APACHE_OPTIONSBLEED
last seen 2019-03-21
modified 2018-08-27
published 2017-09-27
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/apache_optionsbleed.rb
title Apache Optionsbleed Scanner
nessus via4
  • NASL family Misc.
    NASL id ORACLE_ENTERPRISE_MANAGER_JUL_2018_CPU.NASL
    description The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component.
    last seen 2019-02-21
    modified 2018-12-21
    plugin id 111152
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111152
    title Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (July 2018 CPU)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA_10838.NASL
    description According to its self-reported version number, the remote Junos Space version is prior to 17.2R1. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 108520
    published 2018-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108520
    title Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2017-005.NASL
    description The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities affecting the following components : - apache - curl - IOAcceleratorFamily - IOKit - Kernel - OpenSSL - Screen Sharing Server
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 105081
    published 2017-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105081
    title macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3194.NASL
    description An update for httpd is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104540
    published 2017-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104540
    title RHEL 7 : httpd (RHSA-2017:3194) (Optionsbleed)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-389.NASL
    description This update for VirtualBox to version 5.1.36 fixes multiple issues : Security issues fixed : - CVE-2018-0739: Unauthorized remote attacker may have caused a hang or frequently repeatable crash (complete DOS) - CVE-2018-2830: Attacker with host login may have compromised Virtualbox or further system services after interaction with a third user - CVE-2018-2831: Attacker with host login may have compromised VirtualBox or further system services, allowing read access to some data - CVE-2018-2835: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user - CVE-2018-2836: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user - CVE-2018-2837: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user - CVE-2018-2842: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user - CVE-2018-2843: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user - CVE-2018-2844: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user - CVE-2018-2845: Attacker with host login may have caused a hang or frequently repeatable crash (complete DOS), and perform unauthorized read and write operation to some VirtualBox accessible data - CVE-2018-2860: Privileged attacker may have gained control over VirtualBox and possibly further system services http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixOVIR This update also contains all upstream fixes and improvements in the stable 5.1.36 release.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 109294
    published 2018-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109294
    title openSUSE Security Update : virtualbox (openSUSE-2018-389) (Optionsbleed)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3240.NASL
    description An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 21st November 2017] Previously, this erratum was marked as a replacement of the JBoss Enterprise Application Platform 6.4.16 Natives. This was incorrect; the erratum is an update, not a replacement. The erratum text has been modified to reflect this. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. This release of JBoss Enterprise Application Platform 6.4.18 Natives serves as an update to the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References. All users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages. Security Fix(es) : * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Bock for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaetan Leurent (Inria) as the original reporters of CVE-2016-2183. Bug Fix(es) : * CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880) * mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1508884) * Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1508885)
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 104699
    published 2017-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104699
    title RHEL 6 / 7 : JBoss EAP (RHSA-2017:3240) (Optionsbleed)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201710-32.NASL
    description The remote host is affected by the vulnerability described in GLSA-201710-32 (Apache: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details. Impact : The Optionsbleed vulnerability can leak arbitrary memory from the server process that may contain secrets. Additionally attackers may cause a Denial of Service condition, bypass authentication, or cause information loss. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 104233
    published 2017-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104233
    title GLSA-201710-32 : Apache: Multiple vulnerabilities (Optionsbleed)
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_10_13_2.NASL
    description The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - curl - Directory Utility - IOAcceleratorFamily - IOKit - Intel Graphics Driver - Kernel - Mail - Mail Drafts - OpenSSL - Screen Sharing Server Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 105080
    published 2017-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105080
    title macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2907-1.NASL
    description This update for apache2 fixes the following issues : - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. (bsc#1052830) - Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561) Following security issue has been fixed : - CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses incorrect Limit statement. (bsc#1058058) Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34 have been added : - CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may have been able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (bsc#1045061) - CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062) - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have led to authentication requirements being bypassed. (bsc#1045065) - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header. (bsc#1045060) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 104270
    published 2017-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104270
    title SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2756-1.NASL
    description This update for apache2 fixes several issues. These security issues were fixed : - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058) - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest could have led to leakage of potentially confidential information, and a segfault in other cases resulting in DoS (bsc#1048576). - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header (bsc#1045060). - CVE-2017-3169: mod_ssl may have dereferenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS (bsc#1045062). - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have led to authentication requirements being bypassed (bsc#1045065). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 103961
    published 2017-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103961
    title SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2756-1) (Optionsbleed)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3476.NASL
    description An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 105368
    published 2017-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105368
    title RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3476) (Optionsbleed)
  • NASL family Web Servers
    NASL id ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL
    description The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the January 2018 CPU advisory.
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 106299
    published 2018-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106299
    title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-A52F252521.NASL
    description This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance. It is relevant for hosted and co-located instances of Fedora (and why wouldn't you?). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 103438
    published 2017-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103438
    title Fedora 26 : httpd (2017-a52f252521) (Optionsbleed)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-2882.NASL
    description An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank Hanno Bock for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 103790
    published 2017-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103790
    title CentOS 7 : httpd (CESA-2017:2882) (Optionsbleed)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2882.NASL
    description From Red Hat Security Advisory 2017:2882 : An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank Hanno Bock for reporting this issue.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 103803
    published 2017-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103803
    title Oracle Linux 7 : httpd (ELSA-2017-2882) (Optionsbleed)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3195.NASL
    description An update for httpd is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104541
    published 2017-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104541
    title RHEL 6 : httpd (RHSA-2017:3195) (Optionsbleed)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20171011_HTTPD_ON_SL7_X.NASL
    description Security Fix(es) : - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 103806
    published 2017-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103806
    title Scientific Linux Security Update : httpd on SL7.x x86_64 (Optionsbleed)
  • NASL family Web Servers
    NASL id SUN_JAVA_WEB_SERVER_7_0_27.NASL
    description According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services (NSS) library with unknown impact.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 106349
    published 2018-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106349
    title Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-2972.NASL
    description An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) * A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171) Red Hat would like to thank Hanno Böck for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 119234
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119234
    title Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-2972)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20171019_HTTPD_ON_SL6_X.NASL
    description Security Fix(es) : - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) - A regression was found in the Scientific Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 104007
    published 2017-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104007
    title Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (Optionsbleed)
  • NASL family Web Servers
    NASL id APACHE_2_4_28.NASL
    description According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP vulnerability related to the Limit directive in an .htaccess file. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 103838
    published 2017-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103838
    title Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_76B085E29D3311E79260000C292EE6B8.NASL
    description The Fuzzing Project reports : Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 103344
    published 2017-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103344
    title FreeBSD : Apache -- HTTP OPTIONS method can leak server memory (76b085e2-9d33-11e7-9260-000c292ee6b8) (Optionsbleed)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1083.NASL
    description This update for apache2 fixes the following security issue : - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 103399
    published 2017-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103399
    title openSUSE Security Update : apache2 (openSUSE-2017-1083) (Optionsbleed)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-896.NASL
    description Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration.(CVE-2017-9798)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 103309
    published 2017-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103309
    title Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1253.NASL
    description According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 104278
    published 2017-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104278
    title EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1253)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2542-1.NASL
    description This update for apache2 fixes the following security issue : - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 103413
    published 2017-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103413
    title SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2542-1) (Optionsbleed)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3193.NASL
    description An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104539
    published 2017-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104539
    title RHEL 7 : httpd (RHSA-2017:3193) (Optionsbleed)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1102.NASL
    description Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure. For Debian 7 'Wheezy', these problems have been fixed in version 2.2.22-13+deb7u12. We recommend that you upgrade your apache2 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 103389
    published 2017-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103389
    title Debian DLA-1102-1 : apache2 security update (Optionsbleed)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1252.NASL
    description According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 104277
    published 2017-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104277
    title EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1252)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-261-01.NASL
    description New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 103306
    published 2017-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103306
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-261-01) (Optionsbleed)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2718-1.NASL
    description This update for apache2 fixes one issue. This security issue was fixed : - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 103833
    published 2017-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103833
    title SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2718-1) (Optionsbleed)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-FDD3A98E8F.NASL
    description This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance. It is relevant for hosted and co-located instances of Fedora (and why wouldn't you?). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 106018
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106018
    title Fedora 27 : httpd (2017-fdd3a98e8f) (Optionsbleed)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3477.NASL
    description An update is now available for JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 105369
    published 2017-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105369
    title RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3477) (Optionsbleed)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-2972.NASL
    description An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) * A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171) Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104053
    published 2017-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104053
    title CentOS 6 : httpd (CESA-2017:2972) (Optionsbleed)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3980.NASL
    description Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 103364
    published 2017-09-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103364
    title Debian DSA-3980-1 : apache2 - security update (Optionsbleed)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3113.NASL
    description An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References. This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as an update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Users of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues. Security Fix(es) : * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Bock for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaetan Leurent (Inria) as the original reporters of CVE-2016-2183. Bug Fix(es) : * Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640) * mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709) * CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104456
    published 2017-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104456
    title RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113) (Optionsbleed)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2972.NASL
    description An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) * A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171) Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104006
    published 2017-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104006
    title RHEL 6 : httpd (RHSA-2017:2972) (Optionsbleed)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2972.NASL
    description From Red Hat Security Advisory 2017:2972 : An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) * A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171) Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.
    last seen 2019-02-21
    modified 2018-09-24
    plugin id 104002
    published 2017-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104002
    title Oracle Linux 6 : httpd (ELSA-2017-2972) (Optionsbleed)
  • NASL family Misc.
    NASL id ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL
    description The version of Oracle Secure Global Desktop installed on the remote host is 5.3 and is missing a security patch from the April 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 109165
    published 2018-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109165
    title Oracle Secure Global Desktop Multiple Vulnerabilities (April 2018 CPU)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2882.NASL
    description An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank Hanno Bock for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 103804
    published 2017-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103804
    title RHEL 7 : httpd (RHSA-2017:2882) (Optionsbleed)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3425-1.NASL
    description Hanno Bock discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 103356
    published 2017-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103356
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : apache2 vulnerability (USN-3425-1) (Optionsbleed)
redhat via4
advisories
  • bugzilla
    id 1490344
    title CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment httpd is earlier than 0:2.4.6-67.el7_4.5
          oval oval:com.redhat.rhsa:tst:20172882009
        • comment httpd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245017
      • AND
        • comment httpd-devel is earlier than 0:2.4.6-67.el7_4.5
          oval oval:com.redhat.rhsa:tst:20172882007
        • comment httpd-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245019
      • AND
        • comment httpd-manual is earlier than 0:2.4.6-67.el7_4.5
          oval oval:com.redhat.rhsa:tst:20172882019
        • comment httpd-manual is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245025
      • AND
        • comment httpd-tools is earlier than 0:2.4.6-67.el7_4.5
          oval oval:com.redhat.rhsa:tst:20172882015
        • comment httpd-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245023
      • AND
        • comment mod_ldap is earlier than 0:2.4.6-67.el7_4.5
          oval oval:com.redhat.rhsa:tst:20172882017
        • comment mod_ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140921010
      • AND
        • comment mod_proxy_html is earlier than 1:2.4.6-67.el7_4.5
          oval oval:com.redhat.rhsa:tst:20172882005
        • comment mod_proxy_html is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140921008
      • AND
        • comment mod_session is earlier than 0:2.4.6-67.el7_4.5
          oval oval:com.redhat.rhsa:tst:20172882011
        • comment mod_session is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140921016
      • AND
        • comment mod_ssl is earlier than 1:2.4.6-67.el7_4.5
          oval oval:com.redhat.rhsa:tst:20172882013
        • comment mod_ssl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245021
    rhsa
    id RHSA-2017:2882
    released 2017-10-11
    severity Moderate
    title RHSA-2017:2882: httpd security update (Moderate)
  • rhsa
    id RHSA-2017:2972
  • rhsa
    id RHSA-2017:3018
  • rhsa
    id RHSA-2017:3113
  • rhsa
    id RHSA-2017:3114
  • rhsa
    id RHSA-2017:3193
  • rhsa
    id RHSA-2017:3194
  • rhsa
    id RHSA-2017:3195
  • rhsa
    id RHSA-2017:3239
  • rhsa
    id RHSA-2017:3240
  • rhsa
    id RHSA-2017:3475
  • rhsa
    id RHSA-2017:3476
  • rhsa
    id RHSA-2017:3477
rpms
  • httpd-0:2.4.6-67.el7_4.5
  • httpd-devel-0:2.4.6-67.el7_4.5
  • httpd-manual-0:2.4.6-67.el7_4.5
  • httpd-tools-0:2.4.6-67.el7_4.5
  • mod_ldap-0:2.4.6-67.el7_4.5
  • mod_proxy_html-1:2.4.6-67.el7_4.5
  • mod_session-0:2.4.6-67.el7_4.5
  • mod_ssl-1:2.4.6-67.el7_4.5
  • httpd-0:2.2.15-60.el6_9.6
  • httpd-devel-0:2.2.15-60.el6_9.6
  • httpd-manual-0:2.2.15-60.el6_9.6
  • httpd-tools-0:2.2.15-60.el6_9.6
  • mod_ssl-1:2.2.15-60.el6_9.6
refmap via4
bid
  • 100872
  • 105598
confirm
debian DSA-3980
exploit-db 42745
gentoo GLSA-201710-32
misc
sectrack 1039387
Last major update 18-09-2017 - 11:29
Published 18-09-2017 - 11:29
Last modified 23-04-2019 - 15:31