National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2017-9798 Detail

Current Description

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

Source:  MITRE      Last Modified:  09/18/2017      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2017-9798
Original release date:
09/18/2017
Last revised:
01/18/2018
Source:
US-CERT/NIST

Impact

CVSS Severity (version 3.0):
CVSS v3 Base Score:
7.5 High
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (legend)
Impact Score:
3.6
Exploitability Score:
3.9
CVSS Version 3 Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None
CVSS Severity (version 2.0):
CVSS v2 Base Score:
5.0 MEDIUM
Vector:
(AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)
Impact Subscore:
2.9
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized disclosure of information

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://openwall.com/lists/oss-security/2017/09/18/2 Mailing List; VDB Entry External Source MISC http://openwall.com/lists/oss-security/2017/09/18/2
http://www.debian.org/security/2017/dsa-3980 External Source DEBIAN DSA-3980
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/100872 Third Party Advisory; VDB Entry External Source BID 100872
http://www.securitytracker.com/id/1039387 Third Party Advisory; VDB Entry External Source SECTRACK 1039387
https://access.redhat.com/errata/RHSA-2017:2882 External Source REDHAT RHSA-2017:2882
https://access.redhat.com/errata/RHSA-2017:2972 External Source REDHAT RHSA-2017:2972
https://access.redhat.com/errata/RHSA-2017:3018 External Source REDHAT RHSA-2017:3018
https://access.redhat.com/errata/RHSA-2017:3113 External Source REDHAT RHSA-2017:3113
https://access.redhat.com/errata/RHSA-2017:3114 External Source REDHAT RHSA-2017:3114
https://access.redhat.com/errata/RHSA-2017:3193 External Source REDHAT RHSA-2017:3193
https://access.redhat.com/errata/RHSA-2017:3194 External Source REDHAT RHSA-2017:3194
https://access.redhat.com/errata/RHSA-2017:3195 External Source REDHAT RHSA-2017:3195
https://access.redhat.com/errata/RHSA-2017:3239 External Source REDHAT RHSA-2017:3239
https://access.redhat.com/errata/RHSA-2017:3240 External Source REDHAT RHSA-2017:3240
https://access.redhat.com/errata/RHSA-2017:3475 External Source REDHAT RHSA-2017:3475
https://access.redhat.com/errata/RHSA-2017:3476 External Source REDHAT RHSA-2017:3476
https://access.redhat.com/errata/RHSA-2017:3477 External Source REDHAT RHSA-2017:3477
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html Exploit; Patch; Technical Description; Third Party Advisory External Source MISC https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch Exploit; Patch; Technical Description; Third Party Advisory External Source MISC https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9 Patch; Third Party Advisory External Source MISC https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9
https://github.com/hannob/optionsbleed Exploit; Third Party Advisory External Source MISC https://github.com/hannob/optionsbleed
https://security.gentoo.org/glsa/201710-32 External Source GENTOO GLSA-201710-32
https://security-tracker.debian.org/tracker/CVE-2017-9798 Third Party Advisory External Source MISC https://security-tracker.debian.org/tracker/CVE-2017-9798
https://support.apple.com/HT208331 External Source CONFIRM https://support.apple.com/HT208331
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch Vendor Advisory External Source MISC https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
https://www.exploit-db.com/exploits/42745/ Exploit; Third Party Advisory; VDB Entry External Source EXPLOIT-DB 42745

Technical Details

Vulnerability Type (View All)

Change History 11 change records found - show changes