Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.4
CVSSv2

CVE-2017-9788

Published: 13/07/2017 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Http Server

Vulnerability Summary

In Apache httpd prior to 2.2.34 and 2.4.x prior to 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

debian debian linux 8.0

debian debian linux 9.0

apple mac os x

netapp storage automation store -

netapp oncommand unified manager -

redhat enterprise linux desktop 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat enterprise linux server tus 7.2

redhat enterprise linux server 7.0

redhat enterprise linux server eus 7.2

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.3

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux server eus 7.3

redhat enterprise linux server eus 7.4

redhat enterprise linux server tus 7.4

redhat enterprise linux server eus 7.5

redhat enterprise linux server eus 6.7

redhat enterprise linux server tus 7.6

redhat enterprise linux server eus 7.6

redhat enterprise linux server aus 7.6

redhat jboss_core_services 1.0

redhat jboss_enterprise_application_platform 6.0.0

redhat jboss_enterprise_application_platform 6.4.0

redhat jboss_enterprise_web_server 2.0.0

oracle secure global desktop 5.3

Vendor Advisories

Debian CVElist Bug Report Logs: apache2: CVE-2017-9788
Debian Bug report logs - #868467 apache2: CVE-2017-9788 Package: src:apache2; Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 15 Jul 2017 19:27:01 UTC Severity: important Tags: fixed-upstream, security, upstream ...
Debian Security Advisories: DSA-3913-1 apache2 -- security update
Robert Swiecki reported that mod_auth_digest does not properly initialize or reset the value placeholder in [Proxy-]Authorization headers of type Digest between successive key=value assignments, leading to information disclosure or denial of service For the oldstable distribution (jessie), this problem has been fixed in version 2410-10+deb8u10 ...
Ubuntu Security Notice: apache2 vulnerability
Apache HTTP Server could be made to crash or leak sensitive information if it received specially crafted network traffic ...
Ubuntu Security Notice: apache2 vulnerability
Apache HTTP Server could be made to crash or leak sensitive information if it received specially crafted network traffic ...
Red Hat: Important: Red Hat JBoss Core Services security update
Synopsis Important: Red Hat JBoss Core Services security update Type/Severity Security Advisory: Important Topic An update is now available for JBoss Core Services on Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sc ...
Red Hat: Important: Red Hat JBoss Core Services security update
Synopsis Important: Red Hat JBoss Core Services security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ba ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6418 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 64 for RHEL 7Red Hat Produ ...
Red Hat: Important: httpd security update
Synopsis Important: httpd security update Type/Severity Security Advisory: Important Topic An update for httpd is now available for Red Hat Enterprise Linux 72 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Red Hat: Important: Red Hat JBoss Web Server security and bug fix update
Synopsis Important: Red Hat JBoss Web Server security and bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Web Server 212 for RHEL 6 and Red Hat JBoss Enterprise Web Server 212 for RHEL 7Red Hat Product Security has rated this updat ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6418 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application PlatformRed Hat Product Security has rated this update as having a security impact of Important A Co ...
Red Hat: Important: Red Hat JBoss Core Services security update
Synopsis Important: Red Hat JBoss Core Services security update Type/Severity Security Advisory: Important Topic An update is now available for JBoss Core Services on Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sc ...
Red Hat: Important: httpd security update
Synopsis Important: httpd security update Type/Severity Security Advisory: Important Topic An update for httpd is now available for Red Hat Enterprise Linux 73 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Red Hat: Important: Red Hat JBoss Web Server security and bug fix update
Synopsis Important: Red Hat JBoss Web Server security and bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Web Server 212Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
Red Hat: Important: httpd security update
Synopsis Important: httpd security update Type/Severity Security Advisory: Important Topic An update for httpd is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Amazon Linux AMI: ALAS-2017-892
A NULL pointer dereference flaw was found in the httpd's mod_ssl module A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request (CVE-2017-3169) It was discovered that the use of httpd's ap_get_basic_auth_pw() API function ...
Arch Linux Issues:
A security issue has been found in apache's mod_auth_digest <= 2426, leading to information disclosure or denial of service The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest Providing an initial key with no '=' assignment ...
Tenable Security Advisories: [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities
Tenablesc leverages third-party software to help provide underlying functionality Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bun ...

Github Repositories

https://github.com/ColumbusCollaboratory/MITRE_NIST

A Crowdsourcing Exchange for mapping various sources of security vulnerabilities, exposures, threats, and controls data

A Crowdsourcing Exchange for mapping various sources of Information security vulnerabilities, exposures, threats, and controls data What are you asking? The Columbus Collaboratory is asking the community to help us create mappings from CWE (common weakness enumeration) to NIST 800-53r4 moderate controls using our initial mapping formula Why are you asking? The Collaboratory te

References

CWE-200CWE-20https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://httpd.apache.org/security/vulnerabilities_22.htmlhttp://www.securitytracker.com/id/1038906http://www.securityfocus.com/bid/99569http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttps://security.gentoo.org/glsa/201710-32http://www.debian.org/security/2017/dsa-3913https://security.netapp.com/advisory/ntap-20170911-0002/https://support.apple.com/HT208221https://access.redhat.com/errata/RHSA-2017:3240https://access.redhat.com/errata/RHSA-2017:3239https://access.redhat.com/errata/RHSA-2017:3195https://access.redhat.com/errata/RHSA-2017:3194https://access.redhat.com/errata/RHSA-2017:3193https://access.redhat.com/errata/RHSA-2017:3114https://access.redhat.com/errata/RHSA-2017:3113https://access.redhat.com/errata/RHSA-2017:2710https://access.redhat.com/errata/RHSA-2017:2709https://access.redhat.com/errata/RHSA-2017:2708https://access.redhat.com/errata/RHSA-2017:2483https://access.redhat.com/errata/RHSA-2017:2479https://access.redhat.com/errata/RHSA-2017:2478https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_ushttps://www.tenable.com/security/tns-2019-09https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467https://nvd.nist.govhttps://github.com/ColumbusCollaboratory/MITRE_NISThttps://www.debian.org/security/./dsa-3913https://usn.ubuntu.com/3370-2/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook