National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vulnerability Change Record for CVE-2017-9798

Change History

Initial Analysis - 9/29/2017 2:36:54 PM

Action Type Old Value New Value
Changed Reference Type
https://security-tracker.debian.org/tracker/CVE-2017-9798 No Types Assigned
https://security-tracker.debian.org/tracker/CVE-2017-9798 Third Party Advisory
Changed Reference Type
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html No Types Assigned
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html Exploit, Patch, Technical Description, Third Party Advisory
Changed Reference Type
https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9 No Types Assigned
https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9 Patch, Third Party Advisory
Added CVSS V2
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Changed Reference Type
http://www.securityfocus.com/bid/100872 No Types Assigned
http://www.securityfocus.com/bid/100872 Third Party Advisory, VDB Entry
Changed Reference Type
https://www.exploit-db.com/exploits/42745/ No Types Assigned
https://www.exploit-db.com/exploits/42745/ Exploit, Third Party Advisory, VDB Entry
Added CWE
CWE-416
Changed Reference Type
http://openwall.com/lists/oss-security/2017/09/18/2 No Types Assigned
http://openwall.com/lists/oss-security/2017/09/18/2 Mailing List, VDB Entry
Changed Reference Type
http://www.securitytracker.com/id/1039387 No Types Assigned
http://www.securitytracker.com/id/1039387 Third Party Advisory, VDB Entry
Changed Reference Type
https://github.com/hannob/optionsbleed No Types Assigned
https://github.com/hannob/optionsbleed Exploit, Third Party Advisory
Added CPE Configuration
OR
     *cpe:2.3:a:apache:http_server:2.2.34:*:*:*:*:*:*:* (and previous)
     *cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*
Added CPE Configuration
OR
     *cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
     *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
     *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Added CVSS V3
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Changed Reference Type
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch No Types Assigned
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch Exploit, Patch, Technical Description, Third Party Advisory
Changed Reference Type
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch No Types Assigned
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch Vendor Advisory