80 matches found
Apache HTTP OptionsBleed Memory Leak Scanner (CVE-2017-9798)
OptionsBleed Scanner is a vulnerability scanning product. Remote attackers can use OptionsBleed Scanner to detect vulnerabilities on a target server...
Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP vulnerability related to the directive in an .htaccess file. Note that Nessus has not tested for these issues but has instead relied only on the application's...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2718-1) (Optionsbleed)
This update for apache2 fixes one issues. This security issue was fixed : - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS bsc1058058 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...
Scientific Linux Security Update : httpd on SL7.x x86_64 (20171011) (Optionsbleed)
Security Fixes : - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child...
Oracle Linux 7 : httpd (ELSA-2017-2882)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2882 advisory. 2.4.6-67.0.1.el74.5 - replace index.html with Oracle's index page oracleindex.html 2.4.6-67.5 - Resolves: 1493064 - CVE-2017-9798 httpd: Use-after-free by...
RHEL 7 : httpd (RHSA-2017:2882)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2882 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: A use-after-free flaw was found ...
Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed) - Version Check
Apache HTTP Server allows remote attackers to read secret data from process memory if the Limit directive can be set in a user SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Apache Optionsbleed Scanner
This module scans for the Apache optionsbleed vulnerability where the Allow response header returned from an OPTIONS request may bleed memory if the server has a .htaccess file with an invalid Limit method defined. This module requires Metasploit: https://metasploit.com/download Current source:...
Fedora 26 : httpd (2017-a52f252521) (Optionsbleed)
This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance. It is relevant for hosted and co-located instances of Fedora and why wouldn't you?. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora upda...
Debian DLA-1102-1 : apache2 security update (Optionsbleed)
Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure. For Debian 7 'Wheezy', these problems have been fixed in version 2.2.22-13+deb7u12. We recommend that you upgrade your apache2 packages. NOTE: Tenable...
Debian DSA-3980-1 : apache2 - security update (Optionsbleed)
Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisor...
Ubuntu 14.04 LTS / 16.04 LTS : Apache HTTP Server vulnerability (USN-3425-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3425-1 advisory. Hanno Bck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker...
Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed) - Active Check
Apache HTTP Server allows remote attackers to read secret data from process memory if the Limit directive can be set in a user SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Ubuntu: Security Advisory (USN-3425-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Internet Bug Bounty: Optionsbleed / CVE-2017-9798
Bug has been disclosed here: https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html poc code: https://github.com/hannob/optionsbleed Apache is currently preparing 2.4.28, which will contain the fix, a patch is available in their svn repo...
USN-3425-1 apache2 vulnerability
Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed...
USN-3425-1: Apache HTTP Server vulnerability
Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed...
Risks Limited With Latest Apache Bug, Optionsbleed
Servers running Apache software are susceptible to memory leaks that an attacker could theoretically piece together to learn secrets transmitted during a session. But the risk is most pressing only in shared hosting environments apparently, and only if the software is running a certain rare...
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-261-01) (Optionsbleed)
New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-261-01. The te...
Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret...