CVSS3: 9.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P

EPSS: 0.468 Medium
Percentile: 97.4%
Severity: Critical
Date : 2017-07-14
CVE-ID : CVE-2017-9788 CVE-2017-9789
Package : apache
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-350
The package apache before version 2.4.27-1 is vulnerable to multiple
issues including arbitrary code execution and information disclosure.

Upgrade to 2.4.27-1.
The problems have been fixed upstream in version 2.4.27.

None.

A security issue has been found in apache’s mod_auth_digest <= 2.4.26,
leading to information disclosure or denial of service. The value
placeholder in [Proxy-]Authorization headers of type ‘Digest’ was not
initialized or reset before or between successive key=value assignments
by mod_auth_digest. Providing an initial key with no ‘=’ assignment
could reflect the stale value of uninitialized pool memory used by the
prior request, leading to leakage of potentially confidential
information, and a segfault.
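
The stale-value pattern described above, as an added example (a simplified model written for this page, not httpd source code): a reused scratch buffer stands in for the pool memory, and `reset_each` switches between the flawed and the hardened behaviour. The names `parse_digest`, `struct digest`, `scratch` and the sample headers are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define VAL_MAX 64

struct digest { char username[VAL_MAX]; char realm[VAL_MAX]; };

/* Parse "key=value,key=value" pairs. `scratch` models the value placeholder
 * that outlives one request; reset_each != 0 clears it before every pair. */
static void parse_digest(const char *hdr, char *scratch, int reset_each,
                         struct digest *d)
{
    memset(d, 0, sizeof *d);
    while (*hdr) {
        char key[VAL_MAX];
        size_t k = strcspn(hdr, "=,");
        if (reset_each)
            scratch[0] = '\0';              /* hardened: no stale value */
        snprintf(key, sizeof key, "%.*s", (int)k, hdr);
        hdr += k;
        if (*hdr == '=') {                  /* only an assignment writes */
            size_t v = strcspn(++hdr, ",");
            snprintf(scratch, VAL_MAX, "%.*s", (int)v, hdr);
            hdr += v;
        }
        /* The key is recorded with whatever the placeholder holds now. */
        if (strcmp(key, "username") == 0)
            snprintf(d->username, VAL_MAX, "%s", scratch);
        else if (strcmp(key, "realm") == 0)
            snprintf(d->realm, VAL_MAX, "%s", scratch);
        if (*hdr == ',')
            hdr++;
    }
}

/* Returns 1 if a bare key in request 2 picks up a value from request 1. */
static int leaks_prior_request(int reset_each)
{
    char scratch[VAL_MAX] = "";
    struct digest d;
    /* Constructed sample headers, not captured traffic. */
    parse_digest("username=alice,realm=constructed-secret", scratch, reset_each, &d);
    parse_digest("username", scratch, reset_each, &d);
    return strcmp(d.username, "constructed-secret") == 0;
}

int main(void)
{
    printf("without reset: leak=%d\n", leaks_prior_request(0));
    printf("with reset:    leak=%d\n", leaks_prior_request(1));
    return 0;
}
```
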

A security issue has been found in apache’s mod_http2 <= 2.4.26. When
under stress, closing many connections, the HTTP/2 handling code would
sometimes access memory after it has been freed, resulting in
potentially erratic behaviour.

A remote attacker could access sensitive information if mod_auth_digest
is enabled, or be able to execute arbitrary code on the affected host
if mod_http2 is enabled.

https://httpd.apache.org/security/vulnerabilities_24.html
https://security.archlinux.org/CVE-2017-9788
https://security.archlinux.org/CVE-2017-9789