Optionsbleed bug makes Apache HTTP Server leak data from memory

2017-09-20 20:16

On Monday, security researcher Hanno Böck detailed a memory-leaking vulnerability in Apache HTTP Server that’s similar to the infamous OpenSSL Heartbleed bug uncovered in April 2014. Unlike Heartbleed, Optionsbleed (as Böck dubbed it) affects a relatively limited number of servers. About Optionsbleed (CVE-2017-9798) The bug affects Apache HTTP Server 2.2.x through 2.2.34 and 2.4.x through 2.4.27, and only those that sport a certain configuration in the .htaccess file. The vulnerability is actually a use after … More →

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/LZtfikqKm6M/

#apache #http #leak #server #CVE-2017-9798

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2017-09-18	CVE-2017-9798	Use After Free vulnerability in multiple products Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. network low complexity apache debian CWE-416	7.5

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Apache		281	13	544	711	366	1634