Security News > 2017 > September > Optionsbleed bug makes Apache HTTP Server leak data from memory

Optionsbleed bug makes Apache HTTP Server leak data from memory
2017-09-20 20:16

On Monday, security researcher Hanno Böck detailed a memory-leaking vulnerability in Apache HTTP Server that’s similar to the infamous OpenSSL Heartbleed bug uncovered in April 2014. Unlike Heartbleed, Optionsbleed (as Böck dubbed it) affects a relatively limited number of servers. About Optionsbleed (CVE-2017-9798) The bug affects Apache HTTP Server 2.2.x through 2.2.34 and 2.4.x through 2.4.27, and only those that sport a certain configuration in the .htaccess file. The vulnerability is actually a use after … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/LZtfikqKm6M/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2017-09-18 CVE-2017-9798 Use After Free vulnerability in multiple products
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed.
network
low complexity
apache debian CWE-416
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 549 713 367 1642