Уязвимость CVE-2017-9798: Информация

Описание

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

Важность: HIGH (7,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-9798

Опубликовано: 18 сентября 2017 г.

Изменено: 7 ноября 2023 г.

Идентификатор типа ошибки: CWE-416

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
apache2	sisyphus	2.4.28-alt1.S1	2.4.59-alt1	ALT-PU-2017-2477-1	190885	Исправлено
apache2	p10	2.4.28-alt1.S1	2.4.59-alt1	ALT-PU-2017-2477-1	190885	Исправлено
apache2	p9	2.4.28-alt1.S1	2.4.58-alt1	ALT-PU-2017-2477-1	190885	Исправлено
apache2	p8	2.4.28-alt1.M80P.1	2.4.43-alt1	ALT-PU-2017-2482-1	191279	Исправлено
apache2	c10f1	2.4.28-alt1.S1	2.4.59-alt1	ALT-PU-2017-2477-1	190885	Исправлено
apache2	c9f2	2.4.28-alt1.S1	2.4.59-alt1	ALT-PU-2017-2477-1	190885	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
https://security-tracker.debian.org/tracker/CVE-2017-9798	Third Party Advisory
https://github.com/hannob/optionsbleed	Exploit Third Party Advisory
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch	Exploit Patch Technical Description Third Party Advisory
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html	Exploit Patch Technical Description Third Party Advisory
http://openwall.com/lists/oss-security/2017/09/18/2	Mailing List VDB Entry
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch	Vendor Advisory
42745	Exploit Third Party Advisory VDB Entry
1039387	Third Party Advisory VDB Entry
100872	Third Party Advisory VDB Entry
GLSA-201710-32	Third Party Advisory
DSA-3980	Third Party Advisory
RHSA-2017:3240	Third Party Advisory
RHSA-2017:3239	Third Party Advisory
RHSA-2017:3195	Third Party Advisory
RHSA-2017:3194	Third Party Advisory
RHSA-2017:3193	Third Party Advisory
RHSA-2017:3114	Third Party Advisory
RHSA-2017:3113	Third Party Advisory
RHSA-2017:3018	Third Party Advisory
RHSA-2017:2972	Third Party Advisory
RHSA-2017:2882	Third Party Advisory
RHSA-2017:3477	Third Party Advisory
RHSA-2017:3476	Third Party Advisory
RHSA-2017:3475	Third Party Advisory
https://support.apple.com/HT208331	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20180601-0003/	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch Third Party Advisory
105598	Third Party Advisory VDB Entry
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us	Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798	Vendor Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Third Party Advisory
https://www.tenable.com/security/tns-2019-09	Third Party Advisory
https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a	Patch Vendor Advisory
[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/
[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*
  cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
  End including
  2.2.34
  
  Конфигурация 2
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Версия: v24.5.0

Наверх

Уязвимость CVE-2017-9798: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2