CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.972 High
Percentile: 99.8%

Severity: High
Date : 2017-09-18
CVE-ID : CVE-2017-9798
Package : apache
Type : information disclosure
Remote : Yes
Link : https://security.archlinux.org/AVG-404
The package apache before version 2.4.27-2 is vulnerable to information
disclosure.
Upgrade to 2.4.27-2.
The problem has been fixed upstream but no release is available yet.
Workaround: None.
A use-after-free vulnerability has been discovered in Apache HTTP
2.4.27 that causes a corrupted Allow header to be constructed in
response to HTTP OPTIONS requests. This can leak pieces of arbitrary
memory from the server process that may contain secrets. The memory
pieces change after multiple requests, so for a vulnerable host an
arbitrary number of memory chunks can be leaked.
The bug appears if a webmaster tries to use the “Limit” directive with
an invalid HTTP method.
A remote attacker is able to leak memory and potentially obtain
sensitive information from the server process.
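
A configuration audit for the trigger condition described above, added here as an example that is not part of the advisory or of Apache's own code: it scans httpd configuration or .htaccess text for `<Limit>` and `<LimitExcept>` sections that name a method outside the set listed in Apache's documentation for `<Limit>`. The function name, the fixed method list and the sample input are assumptions of this example.

```python
import re

# Assumption: the method names listed in Apache's <Limit> documentation.
# Modules may register more, so a finding means "review", not proof.
KNOWN_METHODS = frozenset(
    "GET POST PUT DELETE CONNECT OPTIONS PATCH PROPFIND PROPPATCH "
    "MKCOL COPY MOVE LOCK UNLOCK".split())

# <Limit ...> / <LimitExcept ...> opening tag (directive names ignore case).
LIMIT_OPEN = re.compile(r"^\s*<\s*(Limit|LimitExcept)\s+([^>]*)>", re.I)


def audit_limit_directives(text, source="<config>"):
    """Return (source, line, directive, method) per unrecognized method."""
    findings, buf, start = [], "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.endswith("\\"):          # httpd joins backslash-continued lines
            buf += raw[:-1] + " "
            continue
        line, first, buf, start = buf + raw, start, "", None
        match = LIMIT_OPEN.match(line)
        if line.lstrip().startswith("#") or not match:
            continue
        for token in match.group(2).split():
            method = token.strip("\"'")  # method names are case-sensitive
            if method and method not in KNOWN_METHODS:
                findings.append((source, first, match.group(1), method))
    return findings


# Constructed sample .htaccess content, not taken from a real host.
SAMPLE_HTACCESS = """\
# restrict uploads
<Limit POST PUT>
    Require valid-user
</Limit>
<Limit GET post FOOBAR>
    Require all denied
</Limit>
<LimitExcept GET \\
             OPTIONS "PURGE">
    Require ip 192.0.2.0/24
</LimitExcept>
"""

if __name__ == "__main__":
    for src, no, directive, method in audit_limit_directives(SAMPLE_HTACCESS, ".htaccess"):
        print(f"{src}:{no}: <{directive}> names unrecognized method {method!r}")
```

Run it over every .htaccess file and included configuration file on hosts that cannot yet be upgraded to 2.4.27-2, and review each flagged line by hand.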
https://bz.apache.org/bugzilla/show_bug.cgi?id=61207
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
http://www.openwall.com/lists/oss-security/2017/09/18/2
https://github.com/hannob/optionsbleed
https://security.archlinux.org/CVE-2017-9798