Two vulnerabilities in Apache HTTP Server



Published: 2017-07-14
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2017-9788
CVE-2017-9789
CWE-ID CWE-200
CWE-416
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Apache HTTP Server
Server applications / Web servers

Vendor Apache Foundation

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU7517

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9788

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the targeted system.

The weakness exists due to improper initialization of the value placeholder in [Proxy-]Authorization headers of type 'Digest' before or between successive key=value assignments by mod_auth_digest. A remote attacker can provide an initial key with no '=' assignment to cause the stale value of uninitialized pool memory used by the prior request to leak.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update to version 2.4.27.

Vulnerable software versions

Apache HTTP Server: 2.4.1 - 2.4.26


CPE2.3 External links

http://httpd.apache.org/security/vulnerabilities_24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free error

EUVDB-ID: #VU7518

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9789

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the targeted system.

The weakness exists due to use-after-free condition in the mod_http2 function. A remote attacker can trigger memory corruption and cause the server to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.4.27.

Vulnerable software versions

Apache HTTP Server: 2.4.26


CPE2.3 External links

http://httpd.apache.org/security/vulnerabilities_24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###