101516

1039633

RHSA-2017:2972

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171

The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by a vulnerability:

  - A regression was found in the Red Hat Enterprise Linux     6.9 version of httpd, causing comments in the Allow     and Deny configuration lines to be parsed incorrectly.
    A web administrator could unintentionally allow any     client to access a restricted HTTP resource.
    (CVE-2017-12171)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update for httpd is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es) :

* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)

* A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
(CVE-2017-12171)

Red Hat would like to thank Hanno BAPck for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.

Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Hash (#) character matches all IPs :

A regression was found in httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)

An update for httpd is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es) :

* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)

* A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
(CVE-2017-12171)

Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.

Security Fix(es) :

  - A use-after-free flaw was found in the way httpd handled     invalid and previously unregistered HTTP methods     specified in the Limit directive used in an .htaccess     file. A remote attacker could possibly use this flaw to     disclose portions of the server memory, or cause httpd     child process to crash. (CVE-2017-9798)

  - A regression was found in the Scientific Linux 6.9     version of httpd, causing comments in the 'Allow' and     'Deny' configuration lines to be parsed incorrectly. A     web administrator could unintentionally allow any client     to access a restricted HTTP resource. (CVE-2017-12171)

From Red Hat Security Advisory 2017:2972 :

An update for httpd is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es) :

* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)

* A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
(CVE-2017-12171)

Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.

ID	Name	Product	Family	Severity
127433	NewStart CGSL MAIN 4.05 : httpd Vulnerability (NS-SA-2019-0156)	Nessus	NewStart CGSL Local Security Checks	medium
119234	Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-2972)	Nessus	Virtuozzo Local Security Checks	medium
104395	Amazon Linux AMI : httpd (ALAS-2017-921)	Nessus	Amazon Linux Local Security Checks	medium
104053	CentOS 6 : httpd (CESA-2017:2972) (Optionsbleed)	Nessus	CentOS Local Security Checks	high
104007	Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20171019) (Optionsbleed)	Nessus	Scientific Linux Local Security Checks	high
104006	RHEL 6 : httpd (RHSA-2017:2972) (Optionsbleed)	Nessus	Red Hat Local Security Checks	high
104002	Oracle Linux 6 : httpd (ELSA-2017-2972) (Optionsbleed)	Nessus	Oracle Linux Local Security Checks	high

CVE-2017-12171

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

medium

medium

medium

high

high

high

high