FreeBSD : Apache -- HTTP OPTIONS method can leak server memory (76b085e2-9d33-11e7-9260-000c292ee6b8) (Optionsbleed)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Fuzzing Project reports :

Apache httpd allows remote attackers to read secret data from process
memory if the Limit directive can be set in a user's .htaccess file,
or if httpd.conf has certain misconfigurations, aka Optionsbleed. This
affects the Apache HTTP Server through 2.2.34 and 2.4.x through
2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request
when attempting to read secret data. This is a use-after-free issue
and thus secret data is not always sent, and the specific data depends
on many factors including configuration. Exploitation with .htaccess
can be blocked with a patch to the ap_limit_section function in
server/core.c.

See also :

https://nvd.nist.gov/vuln/detail/CVE-2017-9798
http://www.nessus.org/u?211ff8aa

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 103344 ()

Bugtraq ID:

CVE ID: CVE-2017-9798

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now