CVE-2017-9798

 

Published at: - 18-09-2017 05:29

Last modified: - 30-06-2022 05:18

Total changes: - 4

Description

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

 

Verification logic

 

Reference

• https://security-tracker.debian.org/tracker/CVE-2017-9798
• https://github.com/hannob/optionsbleed
• https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
• https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
• http://openwall.com/lists/oss-security/2017/09/18/2
• https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
• 42745-Exploit, Third Party Advisory, VDB Entry
• 1039387-Third Party Advisory, VDB Entry
• 100872-Third Party Advisory, VDB Entry
• GLSA-201710-32-Third Party Advisory
• DSA-3980-Third Party Advisory
• RHSA-2017:3240-Third Party Advisory
• RHSA-2017:3239-Third Party Advisory
• RHSA-2017:3195-Third Party Advisory
• RHSA-2017:3194-Third Party Advisory
• RHSA-2017:3193-Third Party Advisory
• RHSA-2017:3114-Third Party Advisory
• RHSA-2017:3113-Third Party Advisory
• RHSA-2017:3018-Third Party Advisory
• RHSA-2017:2972-Third Party Advisory
• RHSA-2017:2882-Third Party Advisory
• RHSA-2017:3477-Third Party Advisory
• RHSA-2017:3476-Third Party Advisory
• RHSA-2017:3475-Third Party Advisory
• https://support.apple.com/HT208331
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://security.netapp.com/advisory/ntap-20180601-0003/
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• 105598-Third Party Advisory, VDB Entry
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us
• https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Vendor Advisory
• https://www.tenable.com/security/tns-2019-09
• [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Vendor Advisory
• [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Vendor Advisory
• [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Vendor Advisory
• [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Vendor Advisory
• [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Vendor Advisory
• [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Vendor Advisory
• [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Vendor Advisory
• https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a
• [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-
• [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-
• [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-
• [httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-
• [httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/-
• [httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.html security/vulnerabilities_22.html security/vulnerabilities_24.html-

 

Keywords

NVD

 

CVE-2017-9798

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures