Apache Httpd < 2.4.27: Uninitialized memory reflection in mod_auth_digest

2017-06-28T00:00:00
ID HTTPD:B057D0A07B0AC97248CE6210E08ACAF7
Type httpd
Reporter We would like to thank Robert Święcki for reporting this issue.
Modified 2017-07-11T00:00:00

Description

The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset by mod_auth_digest before or between successive key=value assignments.

Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.
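
A simplified illustration of the parsing flaw described above, added here as an example; it is not mod_auth_digest's code. The names parse_pairs, demo and STALE and the sample headers are constructed, and a pre-filled buffer stands in for uninitialized pool memory so the run is deterministic. It shows the reflection only, not the segfault.

```c
#include <stdio.h>
#include <string.h>

#define VAL_CAP 64
/* Constructed stand-in for pool memory left behind by a prior request. */
static const char STALE[] = "secret-from-previous-request";

/* Walk a comma-separated key[=value] list. `value` is the shared scratch
 * placeholder; reset != 0 clears it before every key (hardened form).
 * Whatever is bound to the key named `want` is copied into `out`. */
static void parse_pairs(const char *hdr, char *value, int reset,
                        const char *want, char *out)
{
    while (*hdr) {
        char key[32];
        size_t k = 0, v = 0;
        while (*hdr == ' ' || *hdr == ',') hdr++;
        if (!*hdr) break;
        if (reset) value[0] = '\0';        /* start every key from empty */
        while (*hdr && *hdr != '=' && *hdr != ',' && k < sizeof key - 1)
            key[k++] = *hdr++;
        key[k] = '\0';
        if (*hdr == '=') {                 /* value is written only here */
            hdr++;
            while (*hdr && *hdr != ',' && v < VAL_CAP - 1)
                value[v++] = *hdr++;
            value[v] = '\0';
        }
        if (strcmp(key, want) == 0)        /* bind current value to key */
            strcpy(out, value);
    }
}

/* Parse `hdr` with a placeholder that starts out holding STALE. */
static const char *demo(const char *hdr, int reset, char *out)
{
    char value[VAL_CAP];
    strcpy(value, STALE);                  /* simulated reused memory */
    out[0] = '\0';
    parse_pairs(hdr, value, reset, "username", out);
    return out;
}

int main(void)
{
    char out[VAL_CAP];
    printf("no reset: [%s]\n", demo("username, realm=x", 0, out));
    printf("reset:    [%s]\n", demo("username, realm=x", 1, out));
    return 0;
}
```

Without the reset, a bare key placed first picks up the stale buffer contents, and a bare key placed after another pair picks up that pair's value; with the reset both come back empty.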