Debian Bug report logs -
#876109
apache2: CVE-2017-9798: HTTP OPTIONS method can leak Apache's server memory
Package:
src:apache2;
Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 18 Sep 2017 14:21:02 UTC
Severit ...
Hanno Boeck discovered that incorrect parsing of Limit directives of
.htaccess files by the Apache HTTP Server could result in memory
disclosure.
For the oldstable distribution (jessie), this problem has been fixed
in version 2.4.10-10+deb8u11.
For the stable distribution (stretch), this problem has been fixed in
version 2.4.25-3+deb9u3.
We recomme ...
Apache HTTP Server could be made to expose sensitive information over the
network ...
Synopsis
Moderate: httpd security update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7. Red Hat Produ ...
Synopsis
Moderate: httpd security update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis
Important: Red Hat JBoss Web Server security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7. Red Hat Product Security has rated this updat ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Co ...
Synopsis
Moderate: httpd24 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd24, httpd24-curl, httpd24-httpd, httpd24-mod_auth_kerb, and httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat JBoss Web Server security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret da ...
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash ...
A use-after-free vulnerability has been discovered in Apache HTTP 2.4.27 that causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary numb ...
Tenable.sc leverages third-party software to help provide underlying functionality. Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers.
Out of caution and in line with good practice, Tenable opted to upgrade the bun ...