#VU7517 Information disclosure in Apache HTTP Server


Published: 2017-07-13 | Updated: 2017-07-14

Vulnerability identifier: #VU7517

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9788

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache HTTP Server
Server applications / Web servers

Vendor: Apache Foundation

Description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the targeted system.

The weakness exists due to improper initialization of the value placeholder in [Proxy-]Authorization headers of type 'Digest' before or between successive key=value assignments by mod_auth_digest. A remote attacker can provide an initial key with no '=' assignment to cause the stale value of uninitialized pool memory used by the prior request to leak.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation
Update Apache HTTP server to version 2.2.34 or 2.4.26.

Vulnerable software versions

Apache HTTP Server: 2.2.0 - 2.4.25

External links
http://httpd.apache.org/security/vulnerabilities_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in DELL Secure Connect Gateway Security
Multiple vulnerabilities in Tenable.sc
Red Hat update for Red Hat JBoss Enterprise Application Platform 6.4.18
Red Hat update for httpd
Red Hat update for httpd
Red Hat update for Red Hat JBoss Web Server
Gentoo update for Apache
Amazon Linux AMI update for httpd
Red Hat update for Apache HTTP server
Red Hat update for Apache HTTP server