Lucene search
K

80 matches found

Check Point Advisories
Check Point Advisories
added 2017/10/15 12:0 a.m.27 views

Apache HTTP OptionsBleed Memory Leak Scanner (CVE-2017-9798)

OptionsBleed Scanner is a vulnerability scanning product. Remote attackers can use OptionsBleed Scanner to detect vulnerabilities on a target server...

5CVSS2AI score0.94999EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2017/10/13 12:0 a.m.1433 views

Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP vulnerability related to the directive in an .htaccess file. Note that Nessus has not tested for these issues but has instead relied only on the application's...

7.5CVSS7AI score0.94999EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2017/10/13 12:0 a.m.62 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2718-1) (Optionsbleed)

This update for apache2 fixes one issues. This security issue was fixed : - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS bsc1058058 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...

7.5CVSS6.9AI score0.94999EPSS
Exploits9References4
Tenable Nessus
Tenable Nessus
added 2017/10/12 12:0 a.m.52 views

Scientific Linux Security Update : httpd on SL7.x x86_64 (20171011) (Optionsbleed)

Security Fixes : - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child...

7.5CVSS6.8AI score0.94999EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2017/10/12 12:0 a.m.62 views

Oracle Linux 7 : httpd (ELSA-2017-2882)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2882 advisory. 2.4.6-67.0.1.el74.5 - replace index.html with Oracle's index page oracleindex.html 2.4.6-67.5 - Resolves: 1493064 - CVE-2017-9798 httpd: Use-after-free by...

7.5CVSS7AI score0.94999EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2017/10/12 12:0 a.m.67 views

RHEL 7 : httpd (RHSA-2017:2882)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2882 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: A use-after-free flaw was found ...

7.5CVSS6.8AI score0.94999EPSS
Exploits9References5
OpenVAS
OpenVAS
added 2017/10/11 12:0 a.m.240 views

Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed) - Version Check

Apache HTTP Server allows remote attackers to read secret data from process memory if the Limit directive can be set in a user SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5CVSS6.8AI score0.94999EPSS
Exploits9References5
Metasploit
Metasploit
added 2017/09/27 2:9 a.m.424 views

Apache Optionsbleed Scanner

This module scans for the Apache optionsbleed vulnerability where the Allow response header returned from an OPTIONS request may bleed memory if the server has a .htaccess file with an invalid Limit method defined. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5CVSS8.5AI score0.94999EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2017/09/25 12:0 a.m.51 views

Fedora 26 : httpd (2017-a52f252521) (Optionsbleed)

This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance. It is relevant for hosted and co-located instances of Fedora and why wouldn't you?. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora upda...

7.5CVSS6.9AI score0.94999EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2017/09/22 12:0 a.m.68 views

Debian DLA-1102-1 : apache2 security update (Optionsbleed)

Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure. For Debian 7 'Wheezy', these problems have been fixed in version 2.2.22-13+deb7u12. We recommend that you upgrade your apache2 packages. NOTE: Tenable...

7.5CVSS6.9AI score0.94999EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2017/09/21 12:0 a.m.56 views

Debian DSA-3980-1 : apache2 - security update (Optionsbleed)

Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisor...

7.5CVSS6.8AI score0.94999EPSS
Exploits9References5
Tenable Nessus
Tenable Nessus
added 2017/09/20 12:0 a.m.173 views

Ubuntu 14.04 LTS / 16.04 LTS : Apache HTTP Server vulnerability (USN-3425-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3425-1 advisory. Hanno Bck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker...

7.5CVSS7.2AI score0.94999EPSS
Exploits9References2
OpenVAS
OpenVAS
added 2017/09/20 12:0 a.m.74 views

Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed) - Active Check

Apache HTTP Server allows remote attackers to read secret data from process memory if the Limit directive can be set in a user SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5CVSS6.8AI score0.94999EPSS
Exploits9References5
OpenVAS
OpenVAS
added 2017/09/20 12:0 a.m.45 views

Ubuntu: Security Advisory (USN-3425-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.94999EPSS
Exploits9References2
Hacker One
Hacker One
added 2017/09/19 6:4 p.m.264 views

Internet Bug Bounty: Optionsbleed / CVE-2017-9798

Bug has been disclosed here: https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html poc code: https://github.com/hannob/optionsbleed Apache is currently preparing 2.4.28, which will contain the fix, a patch is available in their svn repo...

5CVSS7.8AI score0.94999EPSS
Exploits9
OSV
OSV
added 2017/09/19 4:53 p.m.2 views

USN-3425-1 apache2 vulnerability

Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed...

7.5CVSS6.8AI score0.94999EPSS
Exploits9References2
Ubuntu
Ubuntu
added 2017/09/19 4:53 p.m.105 views

USN-3425-1: Apache HTTP Server vulnerability

Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed...

7.5CVSS7.2AI score0.94999EPSS
Exploits9
ThreatPost
ThreatPost
added 2017/09/19 10:29 a.m.9 views

Risks Limited With Latest Apache Bug, Optionsbleed

Servers running Apache software are susceptible to memory leaks that an attacker could theoretically piece together to learn secrets transmitted during a session. But the risk is most pressing only in shared hosting environments apparently, and only if the software is running a certain rare...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/09/19 12:0 a.m.66 views

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-261-01) (Optionsbleed)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-261-01. The te...

7.5CVSS6.8AI score0.94999EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2017/09/19 12:0 a.m.122 views

Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret...

7.5CVSS6.9AI score0.94999EPSS
Exploits9References2
Rows per page
Query Builder