CVE-2017-9798

Published: 18/09/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 508
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Apache httpd allows remote malicious users to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server up to and including 2.2.34 and 2.4.x up to and including 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

Vulnerable Product

apache http server 2.4.1

apache http server 2.4.20

apache http server 2.4.6

apache http server 2.4.0

apache http server 2.4.12

apache http server 2.4.3

apache http server 2.4.23

apache http server 2.4.4

apache http server 2.4.10

apache http server 2.4.7

apache http server 2.4.25

apache http server 2.4.26

apache http server 2.4.18

apache http server 2.4.2

apache http server 2.4.17

apache http server 2.4.16

apache http server 2.4.9

apache http server 2.4.27

apache http server

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #876109 apache2: CVE-2017-9798: HTTP OPTIONS method can leak Apache's server memory. Package: src:apache2; Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 18 Sep 2017 14:21:02 UTC; Severit ...
Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure. For the oldstable distribution (jessie), this problem has been fixed in version 2.4.10-10+deb8u11. For the stable distribution (stretch), this problem has been fixed in version 2.4.25-3+deb9u3. We recomme ...
Apache HTTP Server could be made to expose sensitive information over the network ...
Synopsis: Moderate: httpd security update. Type/Severity: Security Advisory: Moderate. Topic: An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7. Red Hat Produ ...
Synopsis: Moderate: httpd security update. Type/Severity: Security Advisory: Moderate. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Important: httpd security update. Type/Severity: Security Advisory: Important. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis: Important: Red Hat JBoss Web Server security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7. Red Hat Product Security has rated this updat ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Co ...
Synopsis: Moderate: httpd24 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for httpd24, httpd24-curl, httpd24-httpd, httpd24-mod_auth_kerb, and httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update ...
Synopsis: Important: httpd security update. Type/Severity: Security Advisory: Important. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis: Important: Red Hat JBoss Web Server security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...
Synopsis: Important: httpd security update. Type/Severity: Security Advisory: Important. Topic: An update for httpd is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret da ...
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash ...
A use-after-free vulnerability has been discovered in Apache HTTP 2.4.27 that causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary numb ...
Tenable.sc leverages third-party software to help provide underlying functionality. Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bun ...

Exploits

    #!/usr/bin/env python3
    # Optionsbleed proof of concept test
    # by Hanno Böck

    import argparse
    import urllib3
    import re


    def test_bleed(url, args):
        r = pool.request('OPTIONS', url)
        try:
            allow = str(r.headers["Allow"])
        except KeyError:
            return False
        if allow in dup:
            return
        dup.append(allow)
        if allow == ...

Github Repositories

Checks a shared hosting environment for CVE-2017-9798

Check for CVE-2017-9798. This small script checks a shared hosting environment for CVE-2017-9798 and exits with a return code of 1 if a vulnerable .htaccess file has been found. Example usage: python check.py --path /var/customers/webs/

A Crowdsourcing Exchange for mapping various sources of security vulnerabilities, exposures, threats, and controls data

A Crowdsourcing Exchange for mapping various sources of Information security vulnerabilities, exposures, threats, and controls data. What are you asking? The Columbus Collaboratory is asking the community to help us create mappings from CWE (common weakness enumeration) to NIST 800-53r4 moderate controls using our initial mapping formula. Why are you asking? The Collaboratory te

OptionsBleed (CVE-2017-9798) PoC / Scanner

OptionsBleed-POC-Scanner: OptionsBleed (CVE-2017-9798) PoC / Scanner. More information coming soon. Disclaimer: This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable

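Suricata installation and deployment, packet-loss optimization, performance tuning, rule adjustment and PF_RING setup

Suricata deployment optimization. This article records some of the experience and lessons I gained when deploying Suricata in 2018. Hardware configuration: CPU: dual-socket E5; Memory: 128 GB; Disk: the more the better; NICs: management port: gigabit NIC, mirror port: Intel 10-gigabit NIC; OS: Debian GNU/Linux 8.11 (jessie); Kernel version: 3.16.0-6-amd64; IDS: suricata 4.0.5; Alert analysis: splunk; Automatic rule updates: suricata-update; Mount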

optionsbleed: This is a proof of concept code to test for the Optionsbleed bug in Apache httpd (CVE-2017-9798). Please consider using the tool Snallygaster instead, it has a check for optionsbleed included: snallygaster -t optionsbleed [host]. Usage: optionsbleed [-h] [-n N] [-a] [-u] hosttocheck. Check for the Optionsbleed vulnerability (CV

CVE-2017-9798: This small script checks a shared hosting environment for CVE-2017-9798 and exits with a return code of 1 if a vulnerable .htaccess file has been found.

CVE-2017-9798

optionsbleed CVE-2017-9798

Tools for parsing/enriching data from bbot. Probably not generally useful.

bbot-utils: Tools for parsing/enriching data from bbot. Designed to be generally useful, since it can parse arbitrary NDJSON files. Installation: Recommended installation method is with pipx, since this also adds the tools to your path: pipx install git+https://github.com/cnnrshd/bbot-utils.git. This allows you to simply run: echo '{"

Homework for the lesson "Vulnerabilities and attacks on information systems". Task 1: Download and install the Metasploitable virtual machine: sourceforge.net/projects/metasploitable/ This is a typical OS for experiments in the
