CVE-2017-9798

Source
Severity High
Remote Yes
Type Information disclosure
Description
An use after free vulnerability has been discovered in Apache HTTP 2.4.27 that causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.
The bug appears if a webmaster tries to use the "Limit" directive with an invalid HTTP method.
Group Package Affected Fixed Severity Status Ticket
AVG-404 apache 2.4.27-1 2.4.27-2 High Fixed
Date Advisory Group Package Severity Description
18 Sep 2017 ASA-201709-15 AVG-404 apache High information disclosure
References
https://bz.apache.org/bugzilla/show_bug.cgi?id=61207
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
http://www.openwall.com/lists/oss-security/2017/09/18/2
https://github.com/hannob/optionsbleed