SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionApache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration.(CVE-2017-9798)
SolutionRun 'yum update httpd24' to update your system.
Run 'yum update httpd' to update your system.