Description

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

Remediation

References

CVE-2017-9798

Related Vulnerabilities

PHP Other Vulnerability (CVE-2002-0229)

MySQL CVE-2021-2357 Vulnerability (CVE-2021-2357)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-27946)

Microsoft SQL Server CVE-2023-38169 Vulnerability (CVE-2023-38169)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-12854)

Severity

High

Classification

CVE-2017-9798 CWE-416 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities