ID:1999 - Exploit for Use-after-free in Apache HTTP Server - CVE-2017-9798

 

Published: March 18, 2020


Vulnerability identifier: #VU8504
Vulnerability risk: Low
CVE-ID: CVE-2017-9798
CWE-ID: CWE-416
Exploitation vector: Remote access
Vulnerable software: Apache HTTP Server


Vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to a use-after-free error in server/core.c when processing HTTP OPTIONS requests, if limits are configured in .htaccess or httpd.conf configuration files. A remote unauthenticated attacker can read portions of memory through HTTP OPTIONS requests and gain access to potentially sensitive data.

The vulnerability is dubbed Optionsbleed.


Remediation