CVE-2017-9788

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

References

https://lists.apache.org/thread.html/[email protected]%3Cannounce.httpd.apache.org%3E

https://httpd.apache.org/security/vulnerabilities_24.html

https://httpd.apache.org/security/vulnerabilities_22.html

http://www.securitytracker.com/id/1038906

http://www.securityfocus.com/bid/99569

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

https://security.gentoo.org/glsa/201710-32

http://www.debian.org/security/2017/dsa-3913

https://security.netapp.com/advisory/ntap-20170911-0002/

https://support.apple.com/HT208221

https://access.redhat.com/errata/RHSA-2017:3240

https://access.redhat.com/errata/RHSA-2017:3239

https://access.redhat.com/errata/RHSA-2017:3195

https://access.redhat.com/errata/RHSA-2017:3194

https://access.redhat.com/errata/RHSA-2017:3193

https://access.redhat.com/errata/RHSA-2017:3114

https://access.redhat.com/errata/RHSA-2017:3113

https://access.redhat.com/errata/RHSA-2017:2710

https://access.redhat.com/errata/RHSA-2017:2709

https://access.redhat.com/errata/RHSA-2017:2708

https://access.redhat.com/errata/RHSA-2017:2483

https://access.redhat.com/errata/RHSA-2017:2479

https://access.redhat.com/errata/RHSA-2017:2478

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://www.tenable.com/security/tns-2019-09

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2017-07-13

Updated: 2021-06-06

Type: CWE-200

Risk Information

CVSS v2

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Impact Score: 5.2

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions from 2.4.0 to 2.4.26 (inclusive)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions up to 2.2.33 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*

cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

OR

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:a:oracle:secure_global_desktop:5.3:*:*:*:*:*:*:*

Tenable Plugins

View all (42 total)

IDNameProductFamilySeverity
127360NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)NessusNewStart CGSL Local Security Checks
critical
124922EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)NessusHuawei Local Security Checks
critical
124892EulerOS Virtualization for ARM 64 3.0.1.0 : httpd (EulerOS-SA-2019-1389)NessusHuawei Local Security Checks
critical
700511macOS < 10.13 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
121721Photon OS 1.0: Httpd PHSA-2017-0027NessusPhotonOS Local Security Checks
critical
98912Apache 2.4.x < 2.4.27 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
119222Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-2478)NessusVirtuozzo Local Security Checks
critical
111876Photon OS 1.0: Httpd PHSA-2017-0027 (deprecated)NessusPhotonOS Local Security Checks
critical
108520Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)NessusJunos Local Security Checks
critical
104699RHEL 6 / 7 : JBoss EAP (RHSA-2017:3240) (Optionsbleed)NessusRed Hat Local Security Checks
critical
104541RHEL 6 : httpd (RHSA-2017:3195) (Optionsbleed)NessusRed Hat Local Security Checks
critical
104540RHEL 7 : httpd (RHSA-2017:3194) (Optionsbleed)NessusRed Hat Local Security Checks
critical
104539RHEL 7 : httpd (RHSA-2017:3193) (Optionsbleed)NessusRed Hat Local Security Checks
critical
104456RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113) (Optionsbleed)NessusRed Hat Local Security Checks
critical
104379macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)NessusMacOS X Local Security Checks
critical
104233GLSA-201710-32 : Apache: Multiple vulnerabilities (Optionsbleed)NessusGentoo Local Security Checks
critical
103961SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2756-1) (Optionsbleed)NessusSuSE Local Security Checks
critical
103598macOS < 10.13 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
103241RHEL 6 : JBoss Core Services (RHSA-2017:2710)NessusRed Hat Local Security Checks
critical
103240RHEL 7 : JBoss Core Services (RHSA-2017:2709)NessusRed Hat Local Security Checks
critical
103226Amazon Linux AMI : httpd (ALAS-2017-892)NessusAmazon Linux Local Security Checks
critical
103215SUSE SLES12 Security Update : Recommended update for apache2 (SUSE-SU-2017:2449-1)NessusSuSE Local Security Checks
critical
103016EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1178)NessusHuawei Local Security Checks
critical
103015EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1177)NessusHuawei Local Security Checks
critical
102767CentOS 7 : httpd (CESA-2017:2479)NessusCentOS Local Security Checks
critical
102668Scientific Linux Security Update : httpd on SL7.x x86_64 (20170815)NessusScientific Linux Local Security Checks
critical
102535RHEL 6 : httpd (RHSA-2017:2478)NessusRed Hat Local Security Checks
critical
102521Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20170815)NessusScientific Linux Local Security Checks
critical
102519RHEL 7 : httpd (RHSA-2017:2479)NessusRed Hat Local Security Checks
critical
102515Oracle Linux 7 : httpd (ELSA-2017-2479)NessusOracle Linux Local Security Checks
critical
102514Oracle Linux 6 : httpd (ELSA-2017-2478)NessusOracle Linux Local Security Checks
critical
102505CentOS 6 : httpd (CESA-2017:2478)NessusCentOS Local Security Checks
critical
102068SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:1997-1)NessusSuSE Local Security Checks
critical
102055openSUSE Security Update : apache2 (openSUSE-2017-865)NessusSuSE Local Security Checks
critical
102034Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : apache2 vulnerability (USN-3370-1)NessusUbuntu Local Security Checks
critical
102013SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:1961-1)NessusSuSE Local Security Checks
critical
101793Debian DSA-3913-1 : apache2 - security updateNessusDebian Local Security Checks
critical
101788Apache 2.4.x < 2.4.27 Multiple VulnerabilitiesNessusWeb Servers
critical
101787Apache 2.2.x < 2.2.34 Multiple VulnerabilitiesNessusWeb Servers
critical
101774Debian DLA-1028-1 : apache2 security updateNessusDebian Local Security Checks
critical
101540FreeBSD : Apache httpd -- multiple vulnerabilities (457ce015-67fa-11e7-867f-b499baebfeaf)NessusFreeBSD Local Security Checks
critical
101532Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-194-01)NessusSlackware Local Security Checks
critical