CVE-2017-9788

Description

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

CVSS Metrics

• v3.0•CRITICAL•Score: 9.1CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
• v2.0•MEDIUM•Score: 6.4AV:N/AC:L/Au:N/C:P/I:N/A:P

EPSS Trends

Current EPSS score: 49.50%• Percentile: 98%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

• CWE-200•Exposure of Sensitive Information to an Unauthorized Actor

  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

• apache software foundation•apache http server

  2.2.0 to 2.2.33 | 2.4.1 to 2.4.26

• Unknown•HTTP Server

  ≤ 2.2.33 | ≥ 2.4.0, ≤ 2.4.26

• apple•mac_os_x

  < 10.13.1

• debian•debian_linux

  8.0 | 9.0

• netapp•oncommand_unified_manager

  na

• netapp•storage_automation_store

  na

• oracle•secure_global_desktop

  5.3

• redhat•enterprise_linux_desktop

  6.0 | 7.0

• redhat•enterprise_linux_server

  6.0 | 7.0

• redhat•enterprise_linux_server_aus

  7.2 | 7.3 | 7.4 | 7.6

• redhat•enterprise_linux_server_eus

  6.7 | 7.2 | 7.3 | 7.4 | 7.5 | 7.6

• redhat•enterprise_linux_server_tus

  7.2 | 7.3 | 7.4 | 7.6

• redhat•enterprise_linux_workstation

  6.0 | 7.0

• redhat•jboss_core_services

  1.0

• redhat•jboss_enterprise_application_platform

  6.0.0 | 6.4.0

• redhat•jboss_enterprise_web_server

  2.0.0

References (46)

• https://access.redhat.com/errata/RHSA-2017:3113
• https://support.apple.com/HT208221
• https://access.redhat.com/errata/RHSA-2017:2479
• https://access.redhat.com/errata/RHSA-2017:2483
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us
• https://httpd.apache.org/security/vulnerabilities_22.html
• https://security.netapp.com/advisory/ntap-20170911-0002/
• https://access.redhat.com/errata/RHSA-2017:3240
• https://access.redhat.com/errata/RHSA-2017:2709
• https://access.redhat.com/errata/RHSA-2017:3195
• https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E
• http://www.securityfocus.com/bid/99569
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://access.redhat.com/errata/RHSA-2017:3239
• https://access.redhat.com/errata/RHSA-2017:3114
• https://httpd.apache.org/security/vulnerabilities_24.html
• https://access.redhat.com/errata/RHSA-2017:3194
• http://www.securitytracker.com/id/1038906
• https://access.redhat.com/errata/RHSA-2017:3193
• https://access.redhat.com/errata/RHSA-2017:2710
• http://www.debian.org/security/2017/dsa-3913
• https://access.redhat.com/errata/RHSA-2017:2708
• https://security.gentoo.org/glsa/201710-32
• https://access.redhat.com/errata/RHSA-2017:2478
• https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
• https://www.tenable.com/security/tns-2019-09
• https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E