CVE-2017-9798

high-risk

Published 2017-09-18

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

Do I need to act?

93.8% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

42745

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Http Server

Debian Linux

Http Server

Affected Vendors

Apache Debian

References (111)

Mailing List http://openwall.com/lists/oss-security/2017/09/18/2

Third Party Advisory http://www.debian.org/security/2017/dsa-3980

Patch http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Patch http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Patch http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Third Party Advisory http://www.securityfocus.com/bid/100872

Third Party Advisory http://www.securityfocus.com/bid/105598

Third Party Advisory http://www.securitytracker.com/id/1039387

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2882

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2972

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3018

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3113

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3114

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3193

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3194

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3195

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3239

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3240

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3475

and 91 more references

/ 100

high-risk

Severity 26/34 · High

Exploitability 20/34 · Moderate

Exposure 20/34 · Moderate