Use-after-free in Apache HTTP Server



Published: 2017-09-20 | Updated: 2017-10-03
Risk: Low
Patch available: Yes
Number of vulnerabilities: 1
CVE-ID: CVE-2017-9798
CWE-ID: CWE-416
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: Apache HTTP Server (Server applications / Web servers)
Vendor: Apache Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use-after-free

EUVDB-ID: #VU8504

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-9798

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to a use-after-free error in server/core.c when processing HTTP OPTIONS requests, when limits are configured in .htaccess or httpd.conf configuration files. A remote unauthenticated attacker can read portions of memory through HTTP OPTIONS requests and gain access to potentially sensitive data.

The vulnerability is dubbed Optionsbleed.

Mitigation

Update to version 2.4.28.
http://www.apache.org/dist/httpd/CHANGES_2.4.28

Vulnerable software versions

Apache HTTP Server: 2.2.0 - 2.4.27
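
The two conditions named in this bulletin (a version in the affected range, and limits configured in .htaccess or httpd.conf) can be checked together when triaging hosts. The following is an added example, not code from the bulletin or from the Apache project; the function names, file paths, sample inputs and the `priority_patch` flag are assumptions made for illustration.

```python
import re

# Affected range as stated in the bulletin: 2.2.0 - 2.4.27 (fixed in 2.4.28).
FIRST_AFFECTED = (2, 2, 0)
FIRST_FIXED = (2, 4, 28)

VERSION_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")
# Opening <Limit ...> or <LimitExcept ...> section (directive names are case-insensitive).
LIMIT_RE = re.compile(r"^\s*<\s*(Limit(?:Except)?)\s+([^>]*)>", re.IGNORECASE)

# Constructed sample input, not taken from any real server.
SAMPLE_BANNER = "Server version: Apache/2.4.27 (Unix)"
SAMPLE_CONFIGS = {
    "/var/www/site/.htaccess": "# uploads\n<Limit GET POST>\n  Require all granted\n</Limit>\n",
    "/var/www/blog/.htaccess": "# <Limit PUT> commented out\nOptions -Indexes\n",
}


def parse_version(banner):
    """Extract (major, minor, patch) from `httpd -v` output or a Server header."""
    m = VERSION_RE.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None


def version_affected(version):
    """True if the version falls inside the bulletin's affected range."""
    return version is not None and FIRST_AFFECTED <= version < FIRST_FIXED


def find_limit_sections(config_text):
    """Return (line_number, directive, methods) per Limit section, skipping comment lines."""
    hits = []
    for n, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = LIMIT_RE.match(line)
        if m:
            hits.append((n, m.group(1), m.group(2).split()))
    return hits


def assess(banner, configs):
    """configs maps file path -> contents. Hosts matching both conditions are flagged first."""
    version = parse_version(banner)
    found = {path: find_limit_sections(text) for path, text in configs.items()}
    found = {path: hits for path, hits in found.items() if hits}
    affected = version_affected(version)
    return {"version": version, "affected_version": affected,
            "limit_sections": found, "priority_patch": affected and bool(found)}
```

Distribution packages often backport fixes without changing the upstream version number, so treat the version comparison as a first pass and confirm against the package changelog.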


External links

http://svn.apache.org/viewvc?view=revision&revision=1807655 
http://github.com/hannob/optionsbleed
http://openwall.com/lists/oss-security/2017/09/18/2
http://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory....
http://www.apache.org/dist/httpd/CHANGES_2.4.28
